The General Data Protection Regulation (GDPR), which will apply from 25 May 2018, creates consistent data protection rules across Europe. It applies to companies that are based in the EU and global companies that process personal data about individuals in the EU. While many of the principles build on current EU data protection rules, the GDPR has a wider scope, more prescriptive standards and substantial fines. For example, it requires a higher standard of consent for using some types of data and broadens individuals' rights with respect to accessing and porting their data. It also establishes significant enforcement powers, allowing a company's supervisory authority to seek fines of up to 4% of global annual revenue for certain violations.
In almost all circumstances, Mangar Health will be a data controller. When Mangar Health is the data controller, we handle personal data as described in our Data Policy. We will ensure that services across Mangar Health International align with GDPR.
Whilst we operate a global business, all of our data is currently stored on servers based within the EU. Whilst we don’t envision this changing, should it become necessary rest assured that this change would be supported by strict legal compliance for safeguarding any transfers of personal data outside of the EU under the GDPR.
Mangar Health has appointed a Data Protection Officer to facilitate all Subject Access Requests and they can be reached directly at firstname.lastname@example.org