The European General Data Protection Regulation (GDPR) came into force on 25 May 2018. This text enforced new obligations for companies like Mercateam that process personal data and new rights for those affected by such processing, including the right to be forgotten and the right to data portability.
Mercateam is in a constant process of compliance with the GDPR, and therefore offers its services in a secure and clear legal framework. Mercateam has always given great importance to the protection of personal data and the advent of the GDPR is an opportunity to reinforce this protection for the benefit of our clients.
It should be noted that, given the services offered to its clients, Mercateam acts as a subcontractor of the clients. It is therefore also the responsibility of the latter to ensure that their operations are compliant with the GDPR, particularly with regard to the collection of personal data which is then transmitted to Mercateam.
Among the measures implemented by Mercateam to comply with the provisions of the GDPR, the following can be noted
the establishment of a clear contractual framework, in which the obligations and responsibilities of Mercateam and its clients with regard to the collection and processing of personal data are precisely defined;
the keeping by Mercateam of a register of processing, identifying and updating all processing carried out on the personal data transmitted to it;
the implementation of a personal data security approach to reduce as far as possible the risks of data breaches, and the establishment of a protocol for informing clients in the event of such a security breach;
the appointment of a data protection officer (DPO), who is responsible for ensuring internal compliance with the data protection policy.