The EU General Data Protection Regulation (GDPR) comes into force on May 25th 2018. GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also governs the transfer of personal data outside the EU. The GDPR aims primarily to give citizens and residents control over their personal data and to simplify the regulatory environment for international business by unifying data protection rules across the EU. To learn more about GDPR, visit the UK Information Commissioner's Office website here.
StatPro is committed to complying with the GDPR and has taken several measures to update and enhance our privacy policies and procedures. StatPro is already ISO 27001 certified, the international standard for information security management systems. We have already conducted an external readiness assessment and audit with InteliSecure, which found StatPro to be very well prepared for the new regulation.
Our GDPR Statement for StatPro clients can be found here.
The key GDPR principles cover the rights of data subjects (in StatPro's case, our clients and visitors to our websites) and the obligations of data controllers and data processors. StatPro acts as a processor when it handles personal data on a client's behalf under contract, and as a controller for the personal data it collects itself for its website analytics and marketing.
StatPro processes personal data to meet its contractual obligations to clients and the legitimate business requirements of delivering services to them. StatPro also processes personal data to analyse website visitor traffic and for opted-in marketing. For processing that is not covered by a client contract, StatPro obtains consent before collecting or processing the personal data of individuals in the EU.
It is our responsibility to ensure that any transmission and processing of your personal data is done securely, which includes encrypting data in transit and at rest. For any personal data that leaves the EEA, we have adopted the standard EU data protection Model Clauses: standardised contractual clauses, approved by the European Commission, used in agreements between service providers and their customers so that such transfers comply with EU data protection law. The Model Clauses were adopted under the EU Data Protection Directive 95/46/EC, which the GDPR replaces, and they remain a valid transfer mechanism under the GDPR until they are amended or replaced.
As part of our GDPR readiness, StatPro is putting processes in place for the secure deletion of personal data once contractual services have ceased. Marketing communications already carry unsubscribe and 'remove me' features that meet GDPR requirements.
GDPR also requires that a personal data breach be reported to the supervisory authority (in the UK, the Information Commissioner's Office) within 72 hours of the organisation becoming aware of it, unless the breach is unlikely to result in a risk to individuals; where StatPro acts as a processor, it must also notify the affected client without undue delay. StatPro has policies and processes in place to ensure these requirements can be met, and we also partner with forensic data security specialists in the event of any breach. This partner would work alongside our dedicated Information Security Compliance Manager and our Principal Security Architect to ensure that clients are kept informed of any data breach and that our GDPR obligations are met.
StatPro has implemented a Data Protection Impact Assessment (DPIA) process, which the GDPR requires for processing likely to result in a high risk to individuals, for all new development and marketing projects that may involve the personal data of employees, clients or website visitors. This ensures that GDPR requirements are considered from the earliest stages of any project.
StatPro is committed to information security and data protection. Our long-standing ISO 27001 certification and external audits provide the information security controls that underpin the GDPR's security requirements, and StatPro will be compliant in line with the May 25th 2018 deadline.