GDPR (General Data Protection Regulation) is the EU regulation for the protection of personal data, which came into force on May 25, 2018, and replaced Directive 95/46/EC on the protection of personal data. The regulation has strengthened the rights of EU citizens over their personal data.
CBK is committed to protecting the privacy and security of personal data for our customers, employees, suppliers, and other stakeholders. Like many others, CBK works hard to ensure that our privacy policy meets the highest standards for data protection. In this regard, CBK is also ISO certified according to the ISO9001 standard, which pertains to the company's quality management.
This represents a continuous commitment to our customers, employees, and other stakeholders regarding data collection, use, storage, and sharing practices. It is also a continuous commitment to implementing appropriate technical security measures.
CBK's privacy policy is managed through our work with ISO, the KM team, and management. This ensures a strong commitment to privacy and security issues, as well as the alignment of policies, procedures, and technical controls.
CBK conducts annual audits with the auditing firm RISE in connection with our ISO certification, including a review of our commitment to GDPR. The results from the GDPR audit are closely monitored to improve and increase the level of compliance with the GDPR within CBK.
How GDPR affects the organization:
Management
Ownership of our quality management.
Processes
Management of personal data. Marketing, IT, services, and sales.
Employees
Personal data about employees.
Marketing
Consent, events, campaigns, social media, cookies.
Systems
Type of personal data. Where data is stored. Legal basis for storing personal data.
Contracts
Customer and supplier contracts where we obtain customer and supplier personal data. Vendor contracts where they process or have access to personal data.