GDPR Compliance


Introduction

What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual.

How we comply with the GDPR

At OpenEye, we have always been vigilant about data protection and security across our organization. Here's an overview of our GDPR compliance:

  • Risk Assessment - We perform company-wide information audits to identify and assess what personal information we hold, where it comes from, how and why it is processed, and to whom it is disclosed.
  • Policies & Procedures - We have implemented data protection policies and procedures to meet the requirements and standards of the GDPR and other related data protection laws, including:
    • Data Protection - We maintain strict policies and procedures for protecting data. We also conduct ongoing training to educate our employees about GDPR directives and the protection of individual privacy rights under this law.
    • Data Retention & Erasure - We have retention policies and schedules to ensure that we meet the 'data minimization' and 'storage limitation' principles and that personal information is stored, archived, and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the 'Right to Erasure' obligation.
    • Data Breaches - Our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate, and report any personal data breach as early as possible.
    • International Data Transfers & Third-Party Disclosures - OpenEye transfers EU data to the USA. The GDPR allows this through a program called the Privacy Shield, of which OpenEye is a member. Privacy Shield requires that additional data protection policies be in effect to ensure the security and privacy of all applicable data that leaves the EU.
    • Privacy Policy - We maintain a Privacy Policy that outlines all the ways we collect, store, process, and share data, and discusses data subjects' rights under the GDPR.
    • Data Processing Addendum - Where we use any third party to process personal information on our behalf, we ensure we have valid Processor Agreements in place between them and OpenEye to ensure their data privacy and protection processes are as strict as our own.
  • Data Subject Rights - We outline in our privacy policy the rights of data subjects to understand how we collect and process data, their rights under the GDPR framework and how they can exercise those rights. This includes the following details:
    • What personal data we hold about them
    • The purposes of the processing
    • The categories of personal data concerned
    • The recipients to whom the personal data has been or will be disclosed
    • How long we intend to store their personal data
    • If we did not collect the data directly from them, information about the source
    • The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
    • The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
    • The right to lodge a complaint or seek judicial remedy; and who is to be contacted in such instances

Our Commitment

We are committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection.

OpenEye is dedicated to safeguarding the personal information under our remit. We have developed a data protection process that is effective, fit for purpose, and demonstrates an understanding of, and appreciation for, the new regulation.

Information Security, Technical, and Organizational Measures for GDPR Compliance

OpenEye takes the privacy and security of individuals and their personal information very seriously. We take every reasonable measure and precaution to protect and secure the personal data that we process. We have dedicated information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction, and have several layers of security measures, including secure APIs, access controls, password policies, data encryption, secure IT practices, and restrictions on access of confidential data by unauthorized personnel.

OpenEye understands that continuous employee awareness and understanding are vital to our continued compliance with the GDPR. We have already implemented an employee awareness program specific to the GDPR, and have updated our training protocol to ensure compliance with these regulations.



OpenEye is developing the future of surveillance in Liberty Lake, Washington