How CIS is Ensuring GDPR Compliance

How CIS is ensuring GDPR compliance

On May 25th, the General Data Protection Regulation (GDPR) comes into effect. It strengthens the personal data and privacy rights of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside of the EU.

CIS undertook a comprehensive review of its processes and data storage and consulted our legal advisors to ensure we are 100% compliant with the new regulation. We appointed an external Data Protection Officer who will monitor our compliance into the future. We established a GDPR team with a representative from each department of the company; Research, Accounts, Marketing, Sales and IT who will manage our processes and personal data in accordance with the new regulation.

If you have any questions about GDPR, we have a dedicated email datacontroller@cisireland.com

CIS data collection and processing methods

CIS has three lawful bases for processing personal data;

  • Legitimate interest
  • Consent
  • Contract

We have produced a legitimate interest assessment for each element of personally identifiable information that we process in our Research, Sales, Marketing and Accounts departments.

You can read more about our bases for processing personal data in our Privacy Policy and Terms of Use

How do new CIS processes affect you?

You can continue to use the CIS Service and data, however it is your responsibility to ensure your business is GDPR compliant, particularly when you export CIS data for research, sales and marketing purposes. We advise you to seek legal advice on how you process this data.

The following is a list of frequently asked by our customers about CIS and GDPR

We have complied at list of questions received from our customers to date. If you have a question that does not appear below please contact us at datacontroller@cisireland.com

What process did CIS undertake to become GDPR compliant?

CIS appointed an internal GDPR team with representatives from every department. We appointed an external Data Protection Officer (DPO) and an internal Data Controller Officer (DCO) to review all our process and update them in accordance the new regulation.

Will the CIS website look any different with GDPR changes?

The only changes you will see are notes on our project description and mail merge pages reminding you of your responsibility to ensure you are GDPR compliant in processing data you export from our website.

Why is CIS continuing to publish the names of contacts on projects, is this not personal data?

GDPR does not mean you cannot process personal data. We are using the basis of Legitimate Interest in order to continue publishing this information.

If I unsubscribe from CIS, what process is in place to ensure my personal details are completely removed?

If you are a Freemium subscriber, you can simply email or call us on 01 2999 200 to fully unsubscribe and we will immediately remove your personal contact details from our database.

If you are a Premium Subscriber you must give us a month’s notice to cancel your account as per our Terms of Use. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements

If you are on our list of consenting non-affiliated contacts on our marketing email database, simply click unsubscribe on any of these emails or contact us directly on support@cisireland.com to revoke your consent to be contacted and we will immediately remove your personal details from our database.