The General Data Protection Regulation (GDPR) is a regulation in European Union (EU) law covering data protection and data privacy in the EU and the European Economic Area (EEA). Its scope also covers the transfer of data outside the EU and EEA, importantly the transfer and use of personal data of citizens from the EU/EEA. The GDPR came into effect on the 25th of May 2018.
Key Ideas:
It was brought into effect to update the data protection regulations of the time, making them more timely, relevant, robust, and standard for the internet age
The emphasis of the GDPR is on ensuring compliance by requiring documentation of the processes, systems, and procedures that protect the personal data of individuals held by an organization
It also brings into effect enhanced rights for individuals over their data held by an organization
Organizations need to be able to demonstrate that the protection of personal data held by them is of utmost importance, and that reasonable, practicable steps have been taken to embed this philosophy into every system, process, or procedure that involves the use of personal data
Our Response:
At SEBDATA, we are working hard to ensure that we are complying with the GDPR regulations. We want to put the time and effort into doing this right to ensure the protection of your data that has been entrusted to us, not only so that you can rest easier knowing that your information is secure, but also as an opportunity for us to make our business processes more robust as we move into the future.
We are currently:
Regularly updating our privacy policy to reflect changes to ensure the protection of personal data
Auditing which of our products/services collect and process personal data
Ensuring a legal basis for this collection
Ensuring compliance with obligations to customers as set out in the GDPR
Updating internal and external notices for GDPR compliance
Ensuring customer contracts are GDPR compliant
Providing data protection training for staff
Checking and building secure infrastructure around systems that collect, process, and store personal data
Creating internal compliance documentation including data maps and flow charts to gain clear insight into the path through which data flows in our business
Implementing regular internal compliance audit checks to ensure compliance, document processes, and highlight deficiencies
Putting in place processes to correct identified deficiencies in our business processes
Beyond these responses, we will keep ourselves regularly informed as to the nature of GDPR regulations and how they affect us as a business, to stay abreast of any obligations that we need to fulfill to become and remain GDPR compliant. We are sure that this will be an ongoing process, and we are delighted to engage with this to ensure the protection of your personal data so that you are confident that your information is in safe and secure hands.