On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect across European Union (EU) member states, impacting any organization that processes personal data of EU individuals. GDPR represents a strengthening and harmonizing of existing data privacy rights for individuals in the European Union.
Avery Dennison is committed to protecting personal data of our EU employees, contractors, customers, and vendors, regardless of where that data is processed. We have a robust security program and an established series of internal policies, processes, and practices across our organization to ensure that personal data of EU individuals is processed appropriately and protected in our information systems.
When processing the personal data of EU individuals we:
- Ensure there is a legitimate business reason to collect the data
- Ensure we have consent to collect and use the data (where required)
- Limit collection, storage and usage of the data only to the extent for which there is a business reason and consent
Below are some highlights of how Avery Dennison is ensuring compliance with GDPR:
- Data Breach Response Plan: In the event of a data breach that may impact the security of employee, customer, or vendor personal data, we will take steps to notify EU authorities within 72 hours of discovery of the incident.
- Data Privacy Impact Assessment: When initiating new projects or products, implementing new software, or onboarding new vendors that may process personal data of EU individuals, we will assess data privacy impact in order to ensure that personal data is adequately protected in any systems or processes controlled by Avery Dennison.
- Data Subject Rights: We understand that anyone doing business with us may have questions about the types of personal data Avery Dennison processes about them. If you would like to make a request about the personal data Avery Dennison processes, please click here to submit your request.