GDPR Compliance

Ap­preus in its work strictly ad­heres to the pro­vi­sions set out in the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR), ac­cepted in the EU.

It is known, the GDPR pri­mar­ily gives cit­i­zens con­trol over their own per­sonal data, and also sim­pli­fies the main­te­nance of the reg­u­la­tory frame­work for var­i­ous types of in­ter­na­tional eco­nomic re­la­tions by uni­fy­ing reg­u­la­tion within the EU.

Key ap­plied GDPR principles:

• Le­gal­ity, fair­ness and trans­parency — there must be le­gal grounds un­der the GDPR for the col­lec­tion and use of data, non‐violation of any laws, open­ness, hon­esty from be­gin­ning to end about the use of per­sonal data;
• Pur­pose lim­i­ta­tion – pro­cess­ing should be lim­ited to what has been de­clared to the data sub­ject. All spe­cific tasks must be en­shrined in a pri­vacy pol­icy and must be strictly observed;
• Data min­i­miza­tion – the use of the min­i­mum nec­es­sary amount of data to achieve the goals;
• Ac­cu­racy — per­sonal data must be ac­cu­rate and not mis­lead­ing; er­ro­neous data is sub­ject to correction;
• Re­stric­tion of data stor­age – do not store data longer than nec­es­sary, pe­ri­od­i­cally au­dit data and delete un­used data;
• In­tegrity and Confidentiality/Security – store data in a safe place and pay suf­fi­cient at­ten­tion to the safety of data;
• Ac­count­abil­ity — re­spon­si­bil­ity for the pro­cess­ing of per­sonal data and com­pli­ance with all other prin­ci­ples of the GDPR, in­clud­ing records of con­fi­den­tial­ity, pro­tec­tion, use, data ver­i­fi­ca­tion by a data pro­tec­tion of­fi­cer: DPO (data pro­tec­tion officer).

The im­por­tant thing is that the GDPR ap­plies to both the one who processes the data (proces­sor) and the one who col­lects the data (con­troller). The con­troller de­ter­mines the pur­pose and mean­ing of the pro­cess­ing of per­sonal data, while the proces­sor is re­spon­si­ble for the di­rect pro­cess­ing of the data, but both are re­spon­si­ble for com­pli­ance with the GDPR.