R E G U L A T O R Y C O M P L I A N C E
Enabling Technologies for Financial Services
AMLInfo a CubeIQ Limited Division
Welcome to AMLInfo Web Site for Regulatory Compliance Technology - AML & Compliance Products and Services.
EU GDPR is in force as of May 25, 2018
General Data Protection Regulation – GDPR was approved by the EU Parliament on April 14, 2016 Regulation No. 2016/679 and it has come into force 20 days after its publication in the Official Journal of the EU. As a Regulation it is directly applicable in all EU Member States two years after set in force, on May 25th 2018, when the bodies; companies and organizations that will not comply will face heavy fines.
General Data Protection Regulation replaces the EU Directive on Data Protection 95/46/EC, and aims (a) to harmonize data protection laws across Europe (b) protect and strengthen the privacy of EU citizens and (c) to reshape the way in which the agencies active in the EU approach and manage personal data security. GDPR will also require much closer co-operation between the different independent authorities such as “Supervisory Authorities” or “Private Data Protection Authorities”.
When GDPR is applied?
The date of application of the regulation in EU Member States is May 25th, 2018
Who does the GDPR affect?
GDPR affects all EU bodies; companies and organizations, private, public and state controlled that maintain and manage private data of EU citizens. In this sense companies and organizations outside EU that manage personal data of EU citizens are also affected.
What is considered personal data?
Any information related to a natural person or “Data Subject” that can be used to directly or indirectly identify the person is considered personal data. This information can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
How it is applied?
After May 25th, 2018 bodies, companies and organizations operating within the EU should use high-tech security systems for the protection of the personal data they manage. Also companies outside EU that manage personal data of EU citizens should also comply by using high-tech security systems for protecting personal data.
Which are the penalties for violations?
In case of private data protection breach, companies (a) they must inform immediately their National Authority of Personal Data Protection and their National Regulating Authority and (b) will face fines of up to 4% of their annual turnover or 20 million Euro (whichever is greater).
In order to be compliant with GDPR we have taken the following action:
- We have created personal data processing records, processes and systems, which are reviewed regularly.
- We have executed Data Privacy Impact Assessment (DPIA) to identify, assess, mitigate and minimize the risk on personal data processing.
- We follow the basic (and extended) data protection principles.
- We transfer personal data to non-EU countries only under certain conditions.
- We give access to personal data managed to partners only under controlled and secure conditions and only if they demonstrate their compliance with GDPR.
- We have developed and use electronic computerized procedures and tools for timely and free or charge requests of individuals manage their personal data.
- We have notified and inform the individuals appropriately and promptly about their rights on personal data protection and management.
- We ensure personal data protection throughout their life cycle.
- We keep records and inform for any personal data breach within 72 hours the National Private Data Protection Authority and the individuals with direct communication and public announcements.
- We keep records to prove that we comply with all GDPR requirements.
- EU No. 2016/679, April 14, 2016, General Data Protection Regulation [EN]
- [EL] GDPR Awareness, Website for GDPR Implementation
You can contact us for questions regarding this GDPR Compliance Statement using the information on the contact web page.
Last Edited on 2023-01-13