BNZSA STATEMENTS

BNZSA GDPR STATEMENT

On May 25th, 2018 the General Data Protection Regulation (GDPR) will take effect in the European Union. This new regulation reinforces the fundamental right to privacy for every EU citizen. This regulation will apply to every company or organisation that is working with EU resident’s personal data in any manner, which is our case.

BNZSA has always respected the right of data privacy and data protection. All the Data collected and provided to our clients respected the independent data regulation of each of the countries that we collected the data from.

Thanks to GDPR we had an opportunity to revise and improve our methods. So, we went through a process of conformity and since September 2017 we implemented our GDPR compliant process.

THE “ TRANSPARENCY methodology by BNZSA The - CONSENT - TRACEABILITY ” methodology by BNZSA

As a Data collector, BNZSA has developed a method that we have named the “Transparency-Consent-Traceability” methodology.

This methodology ensures us that all our collected data is 100% compliant with the GDPR.

Personal data is processed fairly and lawfully in a transparent manner in relation to the data subject. For all our activities, we apply these three points that are mandatory according to the GDPR.

How is BNZSA collecting GDPR compliant data?

With this methodology BNZSA operators follow three specific steps regarding the collection of the data with a prospect.

  • 1

    We will call the prospects explaining the purpose of the call and the topic, to fulfil the transparency obligation that is requested in article 12 of the GDPR.
  • 2

    The prospects will be asked if they consent to the fact that all the information collected during the call will be used for the purpose that was explained at the beginning of the call and that all the data will be handed to the client including the consent to communicate with him/her. This respects article 6 of the GDPR.
  • 3

    The prospects will be informed for which use and to which company their data will be transferred and so providing traceability of their personal data.

These three steps guarantee that all collected data by the operators is 100% GDPR compliant. Our quality control teams will oversee that for every data set all 3 steps have been respected before the data is transferred to our client.

For every single record a log will be kept that will have the date and time of the call, the phone number that was used to reach the person, the name of the operator and the different consents that have been provided. This log will be a proof for the client but also for the national authorities that BNZSA and the Client have respected all the GDPR prerogatives.

The importance of security within the GDPR.

Collecting GDPR compliant Data is not the only important point that comes out the European Regulation, another important part is also the security measures. Article 32 of the GDPR points this out and BNZSA is also aware that these security matters are important.

So how do we secure the data?

1) Storage of the collected Data

BNZSA is ensuring that the storage of the Data is in a secured manner that answers the prerogatives asked by the European legislator within the GDPR. All the collected data will be stored on our secured server, that is managed by our specialised IT team and our IT Director.

2) A secured way to transfer the data to our Client

Since BNZSA is a Data collector, we will have to transfer the collected data to our clients, and this is also an important point regarding the security. For the transfer of the collected data, BNZSA’s IT team established a private Cloud platform that can only be accessed by a select number of people that have received clearance and have been provided a personalised non-transferable username and password. This Platform is exclusively managed by our IT director Alex Biet and our DPO Maxim Olivier, they are the only employees that can allow or restrict the access to the transfer platform. These measures concerning the transfer of the collected data will fulfil the security obligations provided by the GDPR.

Following this path of GDPR, compliancy has allowed us to reinforce our 4 core values: it is about the people and respecting them, it supports the fact that only the highest quality can prevail, going the extra mile to engage deeper with our client’s prospects and clearly GDPR is changing the Status Quo of our industry.