Compliance with Legal Requirements
UNIAPT's compliance with US and UK data protection legislation involves adherence to a range of specific legal requirements and best practices.
Compliance with US Data Protection Legislation:
Health Insurance Portability and Accountability Act (HIPAA):
Protected Health Information (PHI): UNIAPT ensures the confidentiality, integrity, and availability of all PHI.
Security Rule: Implements required safeguards to protect e-PHI, including administrative, physical, and technical protections.
California Consumer Privacy Act (CCPA):
Consumer Rights: UNIAPT adheres to consumer rights including the right to know about personal information collected, used, and shared.
Opt-Out Rights: Compliance with consumers' rights to opt out of the sale of their personal information.
Children's Online Privacy Protection Act (COPPA):
Verifiable Parental Consent: Ensuring parental consent for the online collection of information from children under 13.
Compliance with UK Data Protection Legislation:
UK Data Protection Act 2018 (DPA 2018):
Lawfulness of Processing: UNIAPT processes personal data lawfully, fairly, and in a transparent manner.
Data Minimization: Ensuring that personal data collected is adequate, relevant, and limited to what is necessary.
General Data Protection Regulation (GDPR) as applied in the UK context:
Rights of Data Subjects: Compliance with data subjects' rights such as the right to access, right to rectification, right to erasure, and right to data portability.
Data Protection Impact Assessments (DPIA): Conducting DPIAs for processing operations that are likely to result in a high risk to the rights and freedoms of individuals.
Cross-Border Data Transfers:
EU-US Privacy Shield Framework (prior to its invalidation): UNIAPT adhered to the Privacy Shield framework for the lawful transfer of EU data to the US.
Standard Contractual Clauses (SCCs): Post Privacy Shield, UNIAPT relies on SCCs for the legal transfer of personal data from the EU/UK to the US.
Regular Audits and Updates:
UNIAPT conducts regular audits to ensure ongoing compliance with these evolving regulations.
Policies and practices are updated regularly to align with legislative changes and guidance from regulatory authorities.
Training and Awareness:
Regular training programs for employees to ensure they are aware of their responsibilities under these laws.
Dedicated Data Protection Officers (DPOs) oversee compliance in both the US and UK jurisdictions.
