|What is GDPR?||The General Data Protection Regulation (GDPR) is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data and comes into effect on May 25, 2018.
|Who Does GDPR Affect?||The GDPR not only applies to organisations located within the EU, but it will also apply to organisations located outside of the EU, if they offer goods or services to, or monitor the behavior of EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.|
|What does GDPR Require from Companies?||The Data Protection laws require us to process your personal information fairly, lawfully and in a transparent manner. This means you are entitled to know how we intend to use any information you provide. You can then decide whether you want to give it to us in order that we may provide a product or service that you require.
GDPR also requires companies to report data breaches to the Information Commissioner's Office in the UK within 72 hours and to the individuals affected without delay.
|What is a Data Protection Officer (DPO)?||· The Data Protection Officer (DPO) is responsible for monitoring internal compliance, informing and advising the organization on data protection obligations, providing advice regarding Data Protection Impact Assessments (DPIAs) and acting as a contact point for data subjects and the supervisory authority.
· The Jamaica National Group has appointed a DPO for the Group, who is based in Jamaica.
· The Jamaica National Group will also appoint a DPO in the UK, specifically responsible for our companies that operate in the UK, including the JN Bank UK Representative Office and JN Money Services UK Ltd.
|What is meant by personal information?||Personal information (data) means all information that can be used to directly or indirectly identify a person. Examples would be names, dates of birth, addresses, tax reference numbers and also online identifiers such as IP addresses, types of website cookies and other device identifiers.
|What is the lawful basis on which someone’s data can be processed under GDPR?||The lawful basis on which data is processed is as follows:
(a) Consent: the individual has given clear consent for processing of personal data for a specific purpose.
(b) Contract: the processing is necessary to fulfill a contract with an individual.
(c) Legal obligation: the processing is necessary to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.