What is the GDPR:
The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty years. Its introduction will strengthen the rights that EU individuals have over their personal data and help in creating a uniform data protection law across Europe.
What does GDPR mean to GIR Holdings:
GIR Holdings welcomes the arrival of the new Regulation. The success of our company builds on the trust that our customers, user communities, and employees have in our ability to deliver quality products and services – this includes our ability to apply a high level of data protection and security in relation to personal data that our customers, employees and third parties entrust to us.
With the new opportunities presented by the GDPR, GIR Holdings is happy to announce that we will comply with the personal data protection requirements on the enforcement date of May 25th, 2018. We look forward to continuously raising the bar of our internal security, privacy, and data protection compliance programs to meet the needs and expectations of our users who entrust their personal data with us.
Our team strives to be a valued resource to our users and clients by helping them understand and comply with the GDPR themselves by choosing GIR Holdings, a knowledgeable and responsible partner in compliance.
Our Commitments to the Regulation:
We are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a strong data protection program in place; however, we recognize our obligations in updating and expanding this program to meet the demands of the GDPR.
Our organization is committed to safeguarding personal information under our processing responsibility, and in developing effective data protection measures fit for purposes of the new Regulation. Our preparation and objectives for GDPR compliance have been summarized in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
Actions we’ve taken so far:
GDPR compliance is comprised of many technical and organization practices. Among others, GIR Holdings is updating our documentation and agreements to align with GDPR requirements. We are also revising our internal policies and procedures to ensure that they adhere to the GDPR standard. The large majority of our GDPR compliance initiatives take place within the ‘inner workings’ of our organization as they relate to updates on how an organization is processing personal data. To give some context on our progression, below are some of the steps that we’ve been performing for our customers and user communities as a result of the GDPR:
- Performing a detailed gap analysis between the requirements imposed by the Data Protection Directive and the GDPR, as applicable to the company’s business operations.
- Reviewing and updating internal tools, procedures and policies as necessary.
- Revising data mapping and data inventory practices, record keeping requirements, and updating data retention periods as appropriate under the GDPR.
- Preparing for managing and responding to data subject rights requests under Articles 15-22.
- Updating approach to international data transfers in relation to our EU-US Privacy Shield certification.
- Updating sub-processor contracts to reflect GDPR obligations as they relate to the company’s contracting parties.
- Revising the vendor procurement process to ensure that vendors are ‘vetted’ and can meet the requirements of the GDPR.
- Updating our compliance program with continuous employee training to reflect the changes to be implemented for the GDPR.