GDPR Compliance for RIKE

This document outlines the standards and procedures that the Recording Industry of Kenya (RIKE) must adhere to in order to comply with GDPR.

1. Collection, Processing, and Use of Personal Data

RIKE is committed to protecting the privacy of its customers, employees, and other individuals whose personal data is collected, processed, and used in the course of RIKE's business. RIKE will collect, process, and use personal data only to the extent necessary for a legitimate business purpose and consistent with GDPR. In addition, RIKE will process and store personal data in accordance with the principles of data minimization and purpose limitation, as specified by GDPR. RIKE will also take appropriate technical and organizational measures to protect the security of personal data.

2. Lawful Basis

RIKE will ensure that there is a lawful basis for collecting, processing, and using personal data. RIKE will provide individuals with information about the purpose for which their data is collected, the lawful basis for processing it, and the rights they have in relation to their personal data.

3. Consent

Where processing personal data requires the individual's consent, RIKE will obtain and document that consent. RIKE will also ensure that individuals can easily withdraw their consent at any time.

4. Data Access and Portability

RIKE will provide individuals with the ability to access their personal data and, where appropriate, transfer it to another data controller. RIKE will also take reasonable steps to ensure that personal data is updated or deleted where inaccurate or incomplete.

5. Data Security

RIKE will use appropriate technical and organizational measures to protect the security of personal data, including measures to prevent unauthorized or unlawful access, destruction, use, or disclosure.

6. Data Breach Notification

RIKE will take reasonable steps to notify individuals and the appropriate regulatory authorities in the event of a data breach.

7. Data Retention

RIKE will only retain personal data for as long as necessary to fulfil the purpose for which it was collected and in accordance with relevant laws and regulations.

8. Rights of the Data Subject

RIKE will take steps to ensure that individuals can exercise their rights under GDPR. These include the right to access, rectify, erase, and restrict the processing of their personal data.

9. Complaints

RIKE will take reasonable steps to address any complaints that individuals may have in relation to the processing of their personal data.

10. Monitoring and Auditing

RIKE will monitor and audit its data processing activities to ensure compliance with GDPR.

By adhering to the standards and procedures outlined in this document, RIKE will ensure that the collective rights of producers in Kenya
are protected and that the personal data of individuals is processed in accordance with GDPR.