The new European Union General Data Protection Regulation (GDPR) is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, coming into force on May 25, 2018. GDPR sets new standards and compliance requirements for every company that holds or processes personal data. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data.
We are happy to say we comply with the new GDPR regulations as a data processor, while also working in conjunction with our customers, the data controllers, to help them meet their GDPR obligations.
To that end we have ensured the following:
1) Where applicable, we enter into data processing agreements with our clients to reflect our data privacy and security commitments.
2) We are committed to helping our clients meet the data subject rights requirements of the GDPR, for which communication protocols are in place.
3) We process and store all personal data with help of vetted, data processing agreement compliant suppliers.
4) We appointed a data protection officer (DPO) to monitor compliance to the GPDR and to advise in all data security and privacy related matters.
5) Data protection impact assessments are an intricate part of our daily business.
6) To prove our efforts in providing appropriate security we are in the process of achieving ISO 27001 certification.
7) All our employees are familiar with GDPR and their responsibilities and are regularly trained.
If you have any questions, please don’t hesitate to contact us.