SI Security Consulting (“we,” “us,” or “our”) is committed to ensuring the privacy and protection of all personal data that we process. Our approach to compliance with the General Data Protection Regulation (GDPR) is rooted in our commitment to uphold the highest standards of data security and transparency. This page outlines the processes we have implemented to comply with GDPR requirements, ensuring that our clients, partners, and visitors from the European Economic Area (EEA) can trust us with their data.
1. Data Collection and Processing
1.1 Lawfulness, Fairness, and Transparency:
– We collect and process personal data only for specified, explicit, and legitimate purposes. We ensure that data processing is transparent, providing clear information about how and why data is collected and used.
1.2 Data Minimization:
– We only collect personal data that is necessary for the purposes for which it is being processed. We regularly review our data collection practices to ensure they are in line with the principles of data minimization.
1.3 Purpose Limitation:
– Personal data is collected for specified, legitimate purposes and not further processed in a manner that is incompatible with those purposes.
1.4 Accuracy:
– We take all reasonable steps to ensure that personal data is accurate and kept up to date. Inaccurate data is promptly corrected or deleted.
1.5 Storage Limitation:
– We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by law.
1.6 Integrity and Confidentiality:
– We implement appropriate technical and organizational measures to ensure the security of personal data, protecting it against unauthorized or unlawful processing, accidental loss, destruction, or damage.
2. Data Subject Rights
2.1 Right to Access:
– Individuals have the right to access their personal data. Upon request, we provide a copy of the personal data we hold, along with details about how it is processed.
2.2 Right to Rectification:
– Individuals have the right to request the correction of inaccurate or incomplete personal data.
2.3 Right to Erasure (Right to be Forgotten):
– Individuals can request the deletion of their personal data when it is no longer necessary for the purposes for which it was collected, or if they withdraw their consent.
2.4 Right to Restrict Processing:
– Individuals have the right to request the restriction of processing their personal data under certain circumstances, such as when the accuracy of the data is contested.
2.5 Right to Data Portability:
– Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
2.6 Right to Object:
– Individuals can object to the processing of their personal data, particularly where the processing is based on legitimate interests or direct marketing.
2.7 Rights Related to Automated Decision-Making:
– We do not use personal data for automated decision-making processes, including profiling, without providing meaningful information about the logic involved and the potential consequences.
3. Consent Management
3.1 Obtaining Consent:
– Where consent is required for data processing, we obtain it in a clear, affirmative manner. Consent is specific, informed, and freely given, and individuals have the right to withdraw their consent at any time.
3.2 Managing Consent:
– We provide mechanisms for individuals to manage their consent preferences, including the ability to easily withdraw consent.
3.3 Children’s Data:
– We do not knowingly collect or process personal data from children under the age of 16 without verifiable parental consent. If we discover that we have unintentionally collected such data, we will promptly take steps to delete it.
4. Data Protection by Design and Default
4.1 Data Protection Impact Assessments (DPIAs):
– We conduct DPIAs for processing activities that are likely to result in a high risk to the rights and freedoms of individuals. These assessments help us identify and mitigate risks related to data processing.
4.2 Privacy by Design:
– We incorporate data protection principles into the design and development of our products, services, and business processes to ensure that privacy is considered at every stage.
4.3 Privacy by Default:
– We implement default settings that prioritize privacy, ensuring that personal data is not accessible to an indefinite number of persons without the individual’s intervention.
5. Data Breach Management
5.1 Incident Response:
– We have established procedures for detecting, reporting, and investigating personal data breaches. These procedures include prompt action to mitigate harm and notify affected individuals and the relevant supervisory authority, where necessary.
5.2 Breach Notification:
– In the event of a data breach that is likely to result in a high risk to the rights and freedoms of individuals, we will notify the affected individuals and the relevant supervisory authority without undue delay.
6. Third-Party Processors
6.1 Due Diligence:
– We conduct thorough due diligence on all third-party processors to ensure they comply with GDPR and other relevant data protection regulations.
6.2 Processor Agreements:
– We enter into Data Processing Agreements (DPAs) with all third-party processors, setting out their obligations to protect personal data and ensuring that they process it only in accordance with our instructions.
6.3 International Data Transfers:
– When transferring personal data outside the EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), to protect the data in accordance with GDPR requirements.
7. Training and Awareness
7.1 Employee Training:
– We provide regular training to our employees on GDPR and data protection principles, ensuring that they understand their responsibilities and the importance of protecting personal data.
7.2 Awareness Campaigns:
– We conduct ongoing awareness campaigns to reinforce the importance of data protection and to keep our staff informed about the latest developments in data privacy.
8. Ongoing Compliance Monitoring
8.1 Audits and Reviews:
– We regularly audit our data protection practices and policies to ensure ongoing compliance with GDPR and other relevant regulations. This includes reviewing our data processing activities, security measures, and third-party relationships.
8.2 Policy Updates:
– We keep our data protection policies up to date, reflecting changes in legislation, best practices, and our business operations.
Contact Information
For any questions or concerns about our GDPR compliance process, or to exercise your data subject rights, please contact us at:
SI Security Consulting
200 W River Dr, Suite 11
St. Charles, IL 60174
Email: compliance@si-security.com
Phone: (312) 796-7188
At SI Security Consulting, we proactively ensure compliance with all federal and international regulations, reflecting our unwavering commitment to legal integrity and client trust.
Michael Blickensderfer, ESQ
At S.I. Security Consulting, we lead from the front in cybersecurity, ensuring that our clients are not just compliant but truly secure against the evolving landscape of digital threats.