The GDPR is the general data protection regulation adopted by the European Union and came into force on May 25, 2018. It regulates actions in the development of measures to protect the rights of people to non-interference in their privacy. These are stricter restrictions regarding the provision of consent to the use of confidential data, the right to be forgotten, the type and amount of personal data that can be used, access to data and its security, etc., in addition to those that have already been applied in countries for some time. European Union and a number of other countries of the world.
OnIn strives to follow this regulation and implements the following measures and mechanisms to comply with the GDPR:
1. The company created the position of an information security specialist and hired an employee with sufficient experience to perform the tasks of ensuring the technical and methodological protection of personal data of respondents, partners and employees.
2. GDPR requirements apply to both respondents and OnIn employees and partners. Access to the personal data of respondents and partners is reserved exclusively to specialists whose job responsibilities include working with this data and who are familiar with the requirements of the Privacy Policy against signature. Access to the personal data of employees is reserved exclusively to specialists of the personnel department.
3. OnIn conducted training for employees to familiarize them with the basic requirements for data protection. All employees have been certified based on their training results. The job descriptions of employees and regulations on company divisions have been finalized taking into account the new requirements of the GDPR.
4. OnIn places high demands on partners and has included additional requirements to increase the level of protection of personal data by partners.
5. OnIn provides encryption when working with panels and databases containing special categories of personal data (data on health, political views, religion, membership in associations and public organizations, etc.).
6. The transfer of data and storage of information is carried out exclusively with the use of certified technologies and software and hardware that comply with the requirements of the GDPR.