The latest initiative in the regulatory framework covering the use and storage of personal data is the European General Data Protection Regulation (GDPR).
What do businesses do with personal data?
The previous regulations published within the Data Protection Directive were originally drawn up in the 1990s, before the large-scale adoption of the internet and the proliferation of social networking.
The Europe-wide GDPR sets the basic rules on how businesses and public sector organisations can handle the information of their customers. However, there are no revolutionary changes in these regulations. Businesses and organisations that already comply with the previous data protection laws are well placed on the compliance front and only need to make relatively minor changes to their procedures.
The main points of GDPR are that it lays out the rights of people to have access to the information companies hold about them, introduces stricter obligations for better data management by businesses, and sets out a regime of fines for non-compliance.
What about Brexit?
Although GDPR is a European initiative drawn up and adopted by the European Parliament and the European Council, the UK is implementing a Data Protection Bill of its own to apply post-Brexit, which includes largely all of the provisions of the GDPR. There are some small changes but UK law will be largely the same as GDPR.
Some of the UK exemptions from GDPR include extra protection for journalists, scientific and historical researchers, and anti-doping agencies who handle people’s personal information. This obviously has implications for the scientific community when processing data that may contain such personal information. The UK also puts a greater focus on the personal data of children, requiring parental consent to process the data of children under the age of 13. Elsewhere, other countries set this level at 16.
What’s Kromatek doing about GDPR?
Our use of personal data is limited to holding the data necessary for us to complete our business commitments with our customers, e.g. we hold names, addresses, and email addresses to allow us to fulfil orders. We do not ask for, or store, any personal data that could be categorised as ‘sensitive’. Any payment details used on our website are not stored; they are used only for the specific transaction for which they have been supplied and are processed solely by our payment processing gateway.
Kromatek is a company of fewer than 250 employees, so we don’t have additional obligations requiring detailed documentation of why people’s information is being collected and processed, descriptions of the information that’s held, how long it’s being kept for and descriptions of technical security measures in place.
However, we have adapted our privacy and compliance statement to conform with the key aspects of GDPR. You can read our full privacy statement here.
Some other provisions of GDPR give customers the right to ask an organisation to state what personal information is held about them, plus a right to require such data to be deleted in certain circumstances.
Finally, as a responsible organisation we promise that we will only store data from our customers for the purpose it was supplied, and will never pass this on to other organisations or individuals.