This Policy describes uses and discloses of Personal Data ("PD") only as authorized by the Data Subject through Consent, contract, statute, or when it is lawful for public policy reasons. All Authorizations by Data Subjects shall be obtained in writing and stored in our Compliance Repository. Our Compliance Officer will ensure that all Authorizations meet the requirements of the GDPR and that our staff is trained regarding those instances of uses and disclosures wherein Authorizations are implicated.
The GDPR is a monstrous regulation and they have done an excellent job of moving the ball down the field. GDPR is widely acknowledged as the first global privacy and security regulation and so we can expect some growing pains. Our intentions, as always, are to apply our agile methodology to get quick results fast, learning every step of the way.