From May 25 2018, the General Data Protection Regulation (GDPR) will become enforceable. This has been introduced by the European Union, which has taken a monumental step in protecting individual rights in regards to data privacy. Dams Furniture will require all suppliers to work in accordance with the General Data Protection Regulation. This is to safeguard the privacy of individuals who provide Dams with personal information. The compliance encompasses any activities carried out or on behalf of Dams by third party suppliers.
As part of Dams' commitment to GDPR compliance, Dams has ensured that all third party suppliers approach the GDPR in a vigorous and unfailing manner in the management and security of personal data.
These requirements take the relevant data protection legislation into account, including but not limited to:
For the purpose of this document and our continuing relationship, Dams will be classified as the data controller and you, as the supplier, will be the data processor under GDPR regulations.
Where used, the terms in reference to “data subject”, “personal data”, “data controller”, “process”, “data processor” and “supervisory authority” will bear their corresponding meanings specified in the General Data Protection Regulation.
Processing personal data
By providing Dams with your products or services, you, as the supplier, have agreed to enter into a contractual agreement with Dams. This will encompass collecting and delivering products to, or on behalf of Dams. As part of our GDPR compliance, you will ensure that any supporting and/or secondary data processing activities, shall;
Dams will implement and maintain, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, applicable technical and organisational procedures to ensure a level of security appropriate to the risk.
This may include but is not limited to;
If any personal data in the control of your organisation is rendered unusable, lost or corrupted, for any reason, you will contact Dams and promptly restore the personal data to its original state, using up-to-date backups and disaster recovery methods.
Termination of service
If Dams terminate your services you will immediately begin your implemented process of collating Dams' data in a machine readable format. You will arrange for the safe return of the data, or destroy the data, depending on the strict instruction given to you by Dams. You may refuse this service if the European Union, Member State and/or UK law requires access to the storage of Dams' personal data.
Personal data breach
A personal data breach means a breach of security leading to the unintentional or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
In the event of a data breach, you shall notify Dams without undue delay after becoming aware of a personal data breach. You will provide the nature of the personal data breach, including the approximate number of data subjects involved, the number of personal data records compromised and the time it took place. From this point it is then Dams' responsibility as a controller to notify the data subject of the breach. You will provide the data subject, if instructed to do so by Dams, with as much information as possible. You will notify Dams no later than 72 hours after becoming aware of a breach.
At Dams we take into consideration that not all data breaches will require reporting; however, you will ensure your processes reduce the risk of internal data breaches (own employees) as far as is practical.
Supervisory authorities
Dams will immediately notify you upon receiving a notice from any regulatory or government body, including the Information Commissioner and any supervisory authority, which directly or indirectly relates to the processing of your personal data. We shall cooperate with any relevant European Union or Member State supervisory authority.
Transfer of personal data outside of the EU
You will only process data to third party organisations under strict guidelines from Dams. You will ensure that safeguards are in place to protect the human rights and fundamental freedoms of data subjects, that binding corporate rules are in place in accordance with the GDPR, that approved codes of conduct are in place, and that you adhere to a standard of data protection clauses adopted by the Information Commissioner.
You will keep all documentation, where relevant, up to date and under the guidelines of the General Data Protection Regulation. Where necessary, you will provide Dams with documentation relating to management system policies.