The General Data Protection Regulation (GDPR), which was adopted by the European Union Parliament in April 2016, goes into force on May 25, 2018. From that point forward, organizations of all shapes and sizes from all over the world may face hefty fines if found to be non-compliant.
Billed as "the most important change in data privacy regulation in 20 years," this new set of regulations has a substantial impact on the way companies handle the collection and processing of personally identifiable information.
The GDPR applies not only to organizations located in the EU but also to any organization outside the EU that offers goods or services to, or monitors the behavior of, EU data subjects ("people" for the non-lawyers in the room). The law's overarching directive is to empower individuals in the EU to control their personal data. For this reason, the GDPR applies to all companies processing and holding the personal data of people residing in the European Union, regardless of the company's location. As such, the GDPR is not something that any company can afford to ignore.
We take the security and privacy of the data we collect about our clients seriously, and we've always endeavored to protect and safeguard that information. Accordingly, our internal policies for ensuring compliance with the GDPR framework are mostly just enhancements to our existing practices.
Additionally, because many of our clients across the globe are likely to be subject to the new requirements, we put together this summary that highlights key points about what we're doing to comply ourselves and to help you enhance your culture of compliance, too. Our efforts include:
Privacy Shield Certification
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
These frameworks were engineered to ensure that adequate safeguards are in place when companies like us - or our customers - transfer personal data from the EU or Switzerland to the United States. The Synap platform is certified under Privacy Shield, and our parent company, Imagineer, is in the final stages of receiving its certification under the framework.
Changes to Legal Documentation
Modifications to Internal Policies & Procedures
We are dedicated to protecting the security and privacy of the information we collect about our customers and will continue to endeavor to safeguard that information. We are making minor adjustments to our existing operational policies and procedures, including our WISP, in conjunction with our internal review of the GDPR.
We will be releasing a handful of product enhancements to our Clienteer, Synap, WebVision, and Fundinsight products. These changes will help to ensure that users of those tools (ourselves included) can adhere to provisions related to data subjects' rights of access, the right to be forgotten, and consent, which may be applicable under the GDPR.
The GDPR is propelling a change in the way firms conduct business with EU citizens and placing a greater burden on them to thoughtfully care for and secure personal data. Now, more than ever, is an opportunity to put your own firm’s policies under a microscope to ensure that they will help you adhere to the GDPR as well.
We invite you to join us for a live webinar to review our efforts and answer any questions you have about us, our products, and the new regulations on April 26, 2018 at 2:00pm Eastern.