Camila Browne, our Member Recruitment and Data Manager, talks about all the work that went into making both eumom and Zahra Media Group compliant with GDPR. She is our internal GDPR expert and defender of data integrity.
At the end of last month, the new General Data Protection Regulation (GDPR) came into place. How many emails do we all remember receiving during the weeks leading up to the 25th of May? Countless, for sure. By now, we are all feeling a bit like GDPR pros.
For most people, the buildup meant inboxes full of emails about updated Privacy Policies and Terms & Conditions from so many different companies that was quite hard to even remember that we had once signed up for all those services. But the new data protection laws had specific goals in mind and all these numerous emails had a purpose, not only to guarantee that data controllers keep their good work based on transparency, security and accountability, but also to empower all EU citizens on their rights to data privacy.
Our GDPR team first met nearly 2 years ago. From our first meeting, we knew how important and complex this project would be. This was even more apparent when eumom joined forces with Zahra Media Group last year. More members plus more partners equals more personal data. It was the perfect moment to undertake a very thorough data cleansing exercise at all different levels of both companies. Timing was just perfect!
Through this journey, we worked closely with a data consultant who gave us (and is still giving us) all the professional support and advice needed to secure that we are 100% on the top of things. Extensive work was carried out to ensure that all the organisations current and future policies, systems and procedures were up to date and compliant with the new guidelines. A Data Responsible Person was also appointed to supervise the application of these new regulations within the company and who reports directly to the highest level of the business.
The result from this project can be seen in a number of reviewed and updated policies and procedures that contribute to the transparency and accountability of our services. The Retention Policy, which details how we process, hold and retain different types of data, and the Subject Access Request Form, which empowers all individuals on their rights to personal data, are some of these examples.
Here at Zahra Media Group, as we are both Data Controllers and Data Processors at different times across different divisions, we also focused on the services offered by our providers to ensure they were all abiding by the principles and requirements of the GDPR.
On an internal level, members of all different teams across the organisation were involved in this project and in the end, all staff was invited for a training session with the objective to give everyone the right tools to understand the new regulations and how to comply with data protection obligations.
So, if you have any questions or want to know more about our policies, feel free to drop us an email.