The EU’s General Data Protection Regulation (GDPR) takes effect this month. As one of the most important pieces of legislation on data privacy, the GDPR includes some sweeping rules and requirements that will impact the ways businesses process the personal data of EU individuals.
At GCS, we take this opportunity to enhance how we handle our partners’ and customers’ data. We’ve been working to make our data management practices more transparent and more secure, not only to help us prepare for the GDPR, but more importantly to maintain our commitment to the privacy and protection of your data.
Below, we talk about how the GDPR applies to GCS and outline the steps we’ve taken to ensure we comply with the new regulation. Please note that the information contained in this resource is provided for informational purposes only and shouldn’t be construed as legal advice.
On May 25, 2018, the GDPR will finally come into force. The GDPR is a set of laws that greatly improves the protection of personal data for EU citizens and residents, while at the same time increasing the duties and responsibilities of companies that collect and maintain such information.
Here are some key highlights:
GCS has no operations, employees, partners, or contractors in the EU. However, to the extent that GCS “monitors” EU individuals via the Internet (for example, through their use of and access to the GCS website), we believe the GDPR may apply to us under this condition. This is accordingly where we focus the bulk of our efforts at GDPR compliance.
As of the May 25 implementation of the GDPR, we’ve carried out a thorough review of our data processing practices and have taken the following steps:
| Requirement | Steps taken | Status |
|---|---|---|
| Data Protection Officer (DPO) | We have designated a DPO to oversee GDPR compliance and carry out the responsibilities described under Article 37. | Completed |
| Security of Processing | We ensure that whatever data we collect and store is completely secure, and have implemented SSL encryption on all our websites and online services for secure communication. We have also implemented real-time alerts, security logging and monitoring of our servers and online services, and perform scheduled audit checks of server logs. | Completed |
| Conditions for Consent | We have taken steps to ensure that data subjects freely provide consent, and that consent is given through positive opt-in. | Completed |
| Breach Reports | We have implemented a plan to notify the right supervisory authorities and data subjects within 72 hours after discovery of a security breach involving personal data. | In progress |
| Controller-Processor Relationships | As data controller, GCS ensures the security of data subjects’ personal data by signing data processing agreements with each of our data processors. | In progress |
GCS has committed to compliance with the GDPR and our services already include the functionality necessary for our operations and processes to comply. We have examined the relevant provisions of the GDPR that pertain to the data we keep and we are closely tracking additional applicable GDPR guidance being issued.
Steps taken concerning our contact database:
©2019 Grace Consultancy Services. All Rights Reserved.