This document outlines the standards and procedures that the Recording Industry of Kenya (RIKE) must adhere to in order to comply with GDPR.
1. Collection, Processing, and Use of Personal Data:
RIKE is committed to protecting the privacy of its customers, employees, and other individuals whose personal data is collected, processed, and used in the course of RIKE's business. RIKE will collect, process, and use personal data only to the extent necessary for a legitimate business purpose and consistent with GDPR. In addition, RIKE will process and store personal data in accordance with the principles of data minimization and purpose limitation, as specified by GDPR. RIKE will also take appropriate technical and organizational measures to protect the security of personal data.
2. Lawful Basis:
RIKE will ensure that there is a lawful basis for collecting, processing, and using personal data. RIKE will provide individuals with information about the purpose for which their data is collected, the lawful basis for processing it, and the rights they have in relation to their personal data.
3. Consent:
Where processing personal data requires the individual's consent, RIKE will obtain and document that consent. RIKE will also ensure that individuals can easily withdraw their consent at any time.
4. Data Access and Portability:
RIKE will provide individuals with the ability to access their personal data and, where appropriate, transfer it to another data controller. RIKE will also take reasonable steps to ensure that personal data is updated or deleted where inaccurate or incomplete.
5. Data Security:
RIKE will use appropriate technical and organizational measures to protect the security of personal data, including measures to prevent unauthorized or unlawful access, destruction, use, or disclosure.
6. Data Breach Notification:
RIKE will take reasonable steps to notify individuals and the appropriate regulatory authorities in the event of a data breach.
7. Data Retention:
RIKE will only retain personal data for as long as necessary to fulfil the purpose for which it was collected and in accordance with relevant laws and regulations.
8. Rights of the Data Subject:
RIKE will take steps to ensure that individuals can exercise their rights under GDPR. These include the right to access, rectify, erase, and restrict the processing of their personal data.
9. Complaints:
RIKE will take reasonable steps to address any complaints that individuals may have in relation to the processing of their personal data.
10. Monitoring and Auditing:
RIKE will monitor and audit its data processing activities to ensure compliance with GDPR.
By adhering to the standards and procedures outlined in this document, RIKE will ensure that the collective rights of producers in Kenya are protected and that the personal data of individuals is processed in accordance with GDPR.