Hello readers and welcome to my second blog post.
I wanted to provide you with a quick update on the EU GDPR initiative and what CaféX is doing to ensure we are compliant with the new regulations.
A full update will be published in the coming months as we move closer to the May 25th deadline but, in the meantime, below are some answers to FAQs regarding GDPR. Also, here's a link to CaféX Communications' Information Security Whitepaper.
What Is GDPR?
Everyone has heard of GDPR but what is it and what does it mean?
The General Data Protection Regulation (GDPR) is built upon the much older Data Protection Act 1998 (DPA) and is seen as a refresh of its views on the privacy requirements of personal and sensitive data. The original DPA was created 20 years ago when technology was in its infancy, and much of the technology we have today simply didn’t exist then. E.g. 10 years ago there was no understanding of an IP address linking to a personal identity. Thus, GDPR has been introduced to ensure that all companies, no matter what size, take the protection of personal and sensitive data seriously.
The GDPR comes into force on the 25th of May 2018 (just over 2 months from now) for any and all companies around the world which process data on, or on behalf of, EU citizens.
How will GDPR work?
Is GDPR only an EU (European Union) thing? No. Here’s a simple example of a typical scenario where the GDPR would apply globally: John Smith is on the marketing list of “Global Corporation”, which is based in the US. However, John lives in France and has somehow ended up on a product marketing list (e.g. he visited a US event or arrived from an internet search result) for his US company. He is a French/EU citizen, and under GDPR your company requires his consent in order for him to keep receiving emails.
Meanwhile, if a given company or organization does not process any data of any person within the EU, then the GDPR does not apply to that company or organization.
GDPR revolutionizes the way we think about personal data and communications, and global companies will have to take into account the actual end-user location, not just online published locations.
How will CaféX ensure GDPR compliance?
Behind the scenes, the CaféX Information and Security team has been very busy preparing for the GDPR to ensure that our customers’ data is protected and that we remain compliant across our full range of products and services.
We have set up a dedicated compliance programs page which can be found here - https://compliance.cafex.com/en/compliance-security/compliance-programs/ - along with GDPR-specific compliance information here - https://compliance.cafex.com/en/compliance-security/eu-gdpr/
- We have developed a number of new policies and procedures that will assist you with your compliance programs
- We have completed our Data Privacy Impact Assessments for all our products and internal services
- We have engaged with an information security consultant Agenci (https://www.theagenci.com/)
- We have continued to develop our products and code using the Security by Design principle, and our development teams have been working hard to ensure our products are compliant and as secure as ever, and that your company remains compliant when using any CaféX service
- Our devops team is aligned with the CIA (confidentiality, integrity, availability) and Security by Design principles of data privacy
- We have engaged with our 3rd party suppliers/processors to ensure that they take information security as seriously as we do and adhere to the GDPR guidelines; a number of new processor agreements are due to be signed in the coming weeks
For any questions relating to GDPR, subject access requests or right-to-be-forgotten requests, please email us - firstname.lastname@example.org - and/or visit our complete website on Compliance and Information Security: https://compliance.cafex.com.