GDPR Compliance Policy
Policy Owner: Founder/CEO
Effective Date: May 22nd, 2023
Application
This policy applies to all employees, contractors, and vendors while doing business with Wanclouds Inc. and others who have access to European Union (EU) and the European Economic Area (EEA) data subject information (“personal data”) in connection with Wanclouds Inc.’s operating activities.Policy
Wanclouds Inc. is committed to protecting the security, confidentiality, and privacy of its information resources including EU and EEA personal data in accordance with the requirements set forth in the General Data Protection Regulation (EU) 2016/679 (“GDPR”, “Regulation”). Personal data shall only be processed when there is a legal basis to do so, data shall be managed to ensure that security, confidentiality, and privacy are maintained, and data will be used only for authorized purposes. All employees and contractors of Wanclouds Inc. share the responsibility for safeguarding personal data to which they have access.1: Ensuring compliance with requirements imposed by GDPR and Wanclouds Inc.’s regulatory obligations
2: Providing for the establishment of GDPR Policies that set forth, among other things, the required technical, physical, and administrative safeguards to maintain the security, confidentiality, and privacy of personal data
3: Setting forth the roles and responsibilities necessary for Wanclouds Inc. to meet its obligations with respect to activities related to the processing of personal data in accordance with GDPR
Roles and Responsibilities
Policy Adoption
Wanclouds Inc. shall, in cooperation with relevant stakeholders, develop and adopt necessary and appropriate GDPR Policies, which will include, among other things, the technical, physical, and administrative safeguards required to ensure the confidentiality, integrity, and privacy of personal data, and protect personal data against reasonably anticipated threats or hazards and unauthorized uses or disclosures. All relevant Wanclouds Inc. stakeholders shall cooperate with Wanclouds Inc. in the development and implementation of the GDPR Policies.
The Wanclouds Inc. Information Security and Data Privacy Policies are a component of the GDPR Policies and implement controls which support GDPR compliance.
Responsible Person
NAME, TITLE, EMAIL, PHONE has been assigned responsibility for overall oversight of Wanclouds Inc.’s GDPR compliance program.
Data Protection Officer1
The Data Protection Officer (DPO) shall have the responsibilities set forth in this Policy and GDPR Article 39. The DPO is tasked with daily and ongoing oversight and management of Wanclouds Inc.’s GDPR Compliance Program, which includes the following responsibilities:
1: Monitoring Wanclouds Inc.’s internal compliance with GDPR
2: Providing guidance at the earliest stage possible on all aspects of data protection
3: Keeping Wanclouds Inc. stakeholders appraised of changes to GDPR and other relevant laws and regulations
4: Assisting the controller or processor in monitoring internal compliance with the Regulation, including:
a: Collecting information to identify processing activities
b: Analysing and checking the compliance of processing activities
c: Informing, advising and issuing recommendations to the controller or the processor
5: Acting in an independent manner, and ensuring there is no conflict of interest in other roles or interests that the DPO may hold
6: Maintaining inventories of all personal data stored on behalf of the data controller or processor
7: Responding to security, privacy, and data access requests and complaints from data subjects
8: Managing data security and critical business continuity issues that could impact personal data
9: Providing guidance, as requested, to the data controller to complete a data protection impact assessment (“DPIA”)
10: Providing guidance on responding to accidental or malicious activity that could impact personal data
Article 27 Local Representative2
For entities operating outside of the EU, Representatives must be named (a Representative is defined in Article 4 as “a natural or legal person established in the [EU] who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under the GDPR.”). Representatives must be established in one of the EU Member States where the data subjects whose personal data the company processes are located. Companies operating in the UK must also appoint a UK Representative. Primary responsibilities include:
1: Serving as the contact point for all issues related to the company’s processing of personal data under the GDPR, including as a contact point for supervisory authorities
2: Understanding current data protection laws, legal or compliance requirements, and interfacing with regulatory authorities
Representative(s) is/are:
EU Representative: NAME, TITLE, EMAIL, PHONE, COUNTRY
UK Representative: NAME, TITLE, EMAIL, PHONE, COUNTRY