Are you ready for the General Data Protection Regulation (GDPR)?
On 25 May 2018, the General Data Protection Regulation (GDPR) will come into force in the European Union (EU), replacing existing data protection laws throughout Europe and introducing a plethora of new, far-reaching changes.
It requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within the EU member states and also regulates the exportation of personal data outside of the EU. Personal data may refer to a wide range of categories, including name, identification number, location data or online identifier.
With the vast amount of information about individuals processed on third party compliance and background screening technologies, it is essential that platforms, operational teams, policies and procedures meet the stringent demands of this new legislation.
Blue Umbrella is prepared for GDPR. We have software, hardware, structure, policies and procedures aligned to comply. Below, please find information relevant to the requirements set forth by GDPR.
The focus of GDPR-related changes includes:
- Global application of European data protection law
- A new data breach obligation, where businesses must inform relevant European data protection authorities of a breach within 72 hours wherever possible
- New requirements for data privacy governance and data mapping impact assessments, which may also require businesses to appoint a data protection officer (DPO)
- A requirement to implement ‘privacy by design’, where businesses must proactively ensure data privacy standards wherever personal data is processed
- Strengthened rights of individuals over their personal data, including the right to erasure, the right to restrict processing and the right of access
WHO IS INVOLVED?
The GDPR applies to any company that stores or processes personal information about EU citizens within the EU member states in a way that affects the rights and freedoms of data subjects, regardless of whether or not the company has a business presence in the EU.
To ensure compliance within companies, the GDPR has defined several roles:
- Data Controller: defines how and why personal data is processed, and is responsible for ensuring contracts with data processors comply with the GDPR
- Data Processor: responsible for processing personal data on behalf of a controller
- Data Protection Officer (DPO): an appointed individual, required for some companies, who monitors compliance with the GDPR and other data protection laws
WHAT ARE THE STAKES?
The GDPR takes a tiered approach to fines: non-compliant companies may be fined up to €20 million or 4% of global annual turnover, whichever figure is larger. Less severe infringements can result in smaller fines.
No need to worry, Blue Umbrella is already prepared, having taken the following steps:
- Data center in Europe that manages European data and personal information
- Strict physical security and protected access to files
- Third party audits and penetration tests of our system
- Operating centers with ISO 27001:2013 Information Security Management System certification
- Vetted, specially-trained, in-house researchers and employees
- Comprehensive data records
- Security protocols integrated into technology and operations by design
DATA FROM EUROPE STAYS IN EUROPE
In compliance with the GDPR, our data center in Europe stores, processes and transmits data for our European clients within the European Union. Our systems are designed for privacy, ensuring that the personal data behind your processes is well protected.
COMMITMENT TO DATA PROTECTION
Blue Umbrella has worked extensively to ensure the protection of your data, with specialized disaster recovery plans. Our office locations are protected by high levels of physical security, with CCTV, 24/7 security guards and restricted access to secured servers, files and offices. Our strict authentication system is built to combat data privacy issues, with encrypted data backups and transaction log backups at the source. All data access on our platforms is granted to research analysts on a need-to-know basis, ensuring that only authorized individuals have access to sensitive data.
PUTTING OUR SYSTEM TO THE TEST
To provide further protection against data breaches and privacy leaks, our servers and systems undergo rigorous third party IT audits and penetration tests. Third party penetration tests are conducted at least annually, and internal penetration tests are administered on a regular basis. Our operating centers have achieved ISO 27001:2013 Information Security Management System certification.
ALL IN-HOUSE STAFF, ZERO SUBCONTRACTORS
All of Blue Umbrella’s employees across the globe are in-house personnel who have passed rigorous background checks. They have been trained on privacy and data security procedures that are used in highly regulated industries. Our research, conducted in-house and only handled in-house, is of excellent quality and consistency, empowering us to create accurate and quality-assured deliverables.
DOCUMENTED DATA PROCESSING
To monitor internal actions and extensively document data access, we keep comprehensive records of user actions within our system and of data transfers between systems, providing accountability, transparency and a map of where personal data resides.