The GDPR (General Data Protection Regulation) came into force on 25 May 2018, replacing the 28 current national data protection laws based on the 1995 Data Protection Directive (DPD). All the organizations that are registered in the EU or have an establishment or subsidiary in the EU and process or monitor the personal data of EU residents must comply with the new data protection regulation.
This situation directly affects not only the UIPM but all its Member Federations. This important matter has been an object of internal discussion and large work preparations within the UIPM for the implementation of the appropriate measures since 2018. Compliance with the GDPR requires a big effort of several stakeholders and UIPM is totally committed to that. The UIPM National Federations had to regularize their GDPR situation in the UIPM Portal until April 30th, 2020.
IT security and risk review | GDPR
The UIPM’s database server runs the cash refresh every night at 12.00 A.M and updates only data with any change on the time stamp, which avoids large data transactions and keeps following when any data is changed by a National Federation or the UIPM. Any discrepancy in that routine immediately generates a report that is sent to the IT Manager who proceeds with a security checking.
UIPM uses an Apache webserver with SSL certificates that keep online interactions private even though they travel across the public Internet. The server utilizes firewalls, backup storage, antivirus software and encryption, as well as customizable permissions and security settings. The backup is taken in a way to ensure backup storage and retrieval.
All personal data is kept private and securely in line with GDPR guidelines.
Encrypted data is shared only between the browser or server and the webserver.
Concerning its employees and consultants, the UIPM reaffirms its compliance with the GDPR. A privacy notice has been distributed and signed by each staff. The document was focused on informing about the categories of personal data processed and clarifying the reasons for processing their data, the lawful basis to process these, how long the data are kept for, and their rights regarding their data.
Documents available for download: