The data protection policy of MPS Enterprises


Data protection policy

Updated 13.9.2022.

The purpose of the data protection policy is to define the responsibilities, principles and operating methods to ensure the lawful processing of personal data and a high level of data protection. The data protection policy is approved by the management team of MPS Enterprises. The Data Protection Officer together with the data protection team is responsible for maintaining the policy.

Data protection is closely connected with data security. The principles of data security are defined in the data security policy of MPS Enterprises.

1 Responsibilities and organisation

The management of the group and business units are responsible for the implementation and management of data protection. A Data Protection Officer has been appointed for MPS Enterprises, who guides and trains the business in data protection matters and supervises compliance with data protection legislation. The Data Protection Officer reports to the group’s top management. The data protection group, together with the Data Protection Officer, is responsible for the monitoring, informing and training of data protection practices in accordance with the annual clock.

Every employee must know the basics of data protection and the data protection instructions related to their own area of responsibility. The business units are responsible for the resource allocation for and practical implementation of data protection. The business is also responsible for contracts related to the processing of personal data with both customers and partners acting as data processors. Only operators who are able to meet the requirements of data protection legislation are chosen as partners. Agreements specifying the responsibilities and obligations of the parties are always drawn up when outsourcing the processing of personal data.

2 Principles of data protection and data life cycle

The processing of personal data at MPS Enterprises is always carried out on a legal basis and for a defined purpose. The data is processed in accordance with the law, appropriately and transparently, and only for as long and to the extent necessary. We try to ensure the accuracy of the data being processed from the data subject themselves or from reliable sources.

Data subjects are informed in an appropriate and timely manner about the processing of personal data and the data subject’s rights. A privacy policy has been prepared for the processing of personal data. Requests related to the rights of the data subjects are processed according to the defined process.

Storage periods have been defined for personal data according to their purposes of use, which are checked regularly.

Special consideration is taken when transferring data outside the EU and EEA. MPS ensures that transfer criteria in accordance with legislation and other necessary safety measures are used.

The processing of personal data is planned in advance. Compliance with data protection requirements and documentation is ensured when planning new services, applications or processes that involve the processing of personal data.

3 Realisation of data protection

MPS Enterprises ensures the realisation of data protection by documenting and instructing the methods of processing personal data. Adequate data protection expertise of personnel is ensured through training and provision of information. New employees are systematically familiarised with data protection matters.

Only employees whose tasks require their processing have access to personal data. All MPS employees and partners who process personal data sign a non-disclosure agreement.

The data security of personal data is ensured by adequate technical and organisational measures, which are more precisely defined in the data security policy of MPS Enterprises.

MPS regularly and in a risk-oriented manner evaluates the processes and operating methods of processing personal data, and actively follows the authorities’ instructions and policies regarding data protection.

4 Procedure if data protection has been compromised

MPS Enterprises has defined and described the processes to be followed in cases of data security breaches. The personnel are trained and instructed to detect data security breaches and report them immediately. All suspected data security breaches are investigated without delay. Business representatives, the Data Protection Officer and, if necessary, the parties responsible for data security and systems participate in the investigation. All data security breaches are documented and the notifications required by the data protection regulation are made to the authorities and data subjects and, in accordance with the agreements, to partners such as registrars and joint controllers.

MPS Enterprises considers actions that infringe either the laws concerning the processing of personal data as well as this data protection policy or the instructions given based on it to be actions that compromise data protection.

5 Data protection policy updates and informing

The data protection policy is regularly reviewed and updated as necessary. Updates are communicated to our personnel on the intranet and other internal communication channels. Stakeholders can view the policy on the website of MPS Enterprises.