Mela Approach to GDPR
What is GDPR and when do the new regulations come into force?
The European Union (EU) General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy. GDPR is designed to make EU Data Protection Laws fit for the Digital Age, in which more and more data is processed and held electronically. The new regulations come into force on 25 May 2018.
Does it apply to Mela Works?
Yes. GDPR applies not only to organisations located within the EU but also to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of EU citizens, regardless of the company’s location. For non-EU countries, GDPR will be in addition to existing data protection laws.
An example of this is sending out e-newsletters or regular correspondence to Mela users who are EU citizens. Another example is handling the data of Mela users who are EU citizens.
What constitutes personal data?
Any information related to a person or ‘Data Subject’, which can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, passport information, medical information, or a computer IP address.
How does it impact Mela Works?
Mela Works controls and processes the data of its employees and users in order to conduct its day-to-day business. Mela Works is working on its processes to incorporate Privacy by Design and to ensure the confidentiality, integrity and availability of the personal data it controls. Mela Works maintains appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access, and to comply with the six rights of Data Subjects: Lawful, Legitimate, Minimal, Accurate, Removal and Security.
What this means is Mela Works must:
- Have a legal basis before processing personal data (consent, contractual, data sharing agreement)
- Only send what is necessary
- Send only to the people that really need the information
- Foster a culture of ‘think privacy first’
- Create and maintain written records of processing activities
- Safeguard personal data
- Manage third-party contracts by ensuring that those outside Mela Works who process personal data on its behalf protect personal data in accordance with GDPR
What personal data does Mela Works hold?
- Name of users
- Email address of users
- IP Address
- Location information
How does Mela Works collect information?
We collect information about you when you:
- Create or modify your account
- Use the mobile app or the web portal
- Visit our website
- Communicate with us
We also collect information through other sources, such as when users share their Mela Works tasks with other users.
How does Mela Works use the information it collects?
We use information about you to:
- Operate, improve, promote, and protect Mela Works, our mobile app and the web portal
- Communicate with you
We use commercially reasonable efforts to protect your personal information and have implemented technical and organisational measures in line with industry best practices.