Umarkets has changed the conditions for storage of personal data of Europeans in accordance with the GDPR

On May 25, 2018, the new General Data Protection Regulations (GDPR) comes into force. The GDPR applies to all companies that process personal data of the EU residents and citizens, regardless of the location of such an organization. Umarkets has already started updating the privacy policy in accordance with the GDPR.

With the transition to the new regulation, Umarkets expands the rights of its clients – EU citizens and residents – to control their personal data. Starting from May 25, 2018, the company introduces new rules for data collection and processing that will increase the level of data protection and improve the quality of services. Thus, Umarkets strives to provide its clients with even more comfortable and safe working conditions.

The effect of the GDPR applies to organizations that process personal data of Europeans while the implementing of online sales. Such companies are obliged to comply with the new European rules for the processing of personal data.

According to the GDPR, personal data means any information related to an identified or identifiable individual (data subject), who can be determined, directly or indirectly, with the help of this information. Such information includes, among other things, name, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual (p. 1, a. 4).

The general approach of Europeans to the processing of personal data is reflected in six principles:

1) Legitimacy, fairness and transparency. Personal data must be processed legally, fairly and transparently. Information about the purposes, methods and volumes of personal data processing must be presented clearly and simply.

2) Limitation of processing in accordance with the objectives. Data must be collected and used for the purposes stated by the company.

3) Minimization of data being processed. Personal data must be collected in the volume that is necessary for processing purposes.

4) Assurance of accuracy and relevance of data. Inaccurate personal data must be deleted or corrected at the user’s request.

5) Restriction of storage time. Personal data must not be stored for longer than necessary for processing purposes.

6) Assurance of integrity and confidentiality of data. Companies are obliged to protect personal data from unauthorized or illegal processing, destruction and damage.

Within the framework of GDPR, Umarkets acts as both a Data Processor and Data Controller. It means that it independently determines the purposes of data collection and processes the necessary information.

To the release of the EU General Data Protection Regulations, UMarkets performed an audit of all systems through which personal information is transmitted and where it is stored.

The company reduced the time during which each system stores personal information and changed the processes of internal information communication to centralize information storage and management. Also, internal processes were created to handle requests for information about personal data and its deleting.