The European Union has implemented a new law regarding the protection of EU residents’ privacy rights. This new law is called the General Data Protection Regulation (GDPR) which will be effective May 25, 2018. Simply put, EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, and disposed. This law applies even beyond the borders of the EU. Any organization that works with EU residents' personal data in any manner, has the obligation to comply with the GDPR. Freeman is well aware of its role in this new framework and is working to provide the tools and processes needed to support its customers’ rights and meet our GDPR obligations.
At Freeman, we have a culture of respect for our customers, suppliers and all third parties we interact with. Over the years, we have demonstrated our commitment to data privacy and protection by meeting the Payment Card Industry Data Security Standards, and maintaining SOC 1 Type 2 and SOC 2 Type 2 reports for our data hosting environments. We are also revising our Data Processing Agreements to meet the requirements of the GDPR. We recognize that the GDPR will help us move towards the highest standards of operations in protecting third party data.
How is Freeman preparing for GDPR
Freeman is gearing up and building a framework across all its applications to be GDPR compliant. Freeman understands its obligation to work with our customers and suppliers to get ready for the big day. We have thoroughly analyzed GDPR requirements and have put in place a dedicated internal team to drive our organization to meet them. Some of our ongoing initiatives are:
- Identifying personal data - Each of our offices and applications undertakes a different level of personal data collection, usage, storage and disposal. Defining the purview of personal data for each of these applications and documenting the various sources of data will go a long way in providing a roadmap for compliance in the days leading up to implementation.
- Providing visibility and transparency - The most important aspect of GDPR is how the collected data is used. Freeman is exploring ways to make optimal product enhancements without compromising on performance so that we can provide better transparency to our customers.
- Enhancing data integrity and security - Data privacy and data security are two sides of the same coin. As our customers tighten their data security measures, Freeman would like to extend a helping hand. We're streamlining our processes by updating IT policies and procedures that provide end-to-end security.
What should you do to be GDPR-ready?
We understand that meeting the GDPR requirements will take a lot of time and effort. And, we want to help you make your process as seamless as possible, so that you don't have to worry about compliance and can focus more on running your business. If you are just getting started with GDPR in your organization, here's a quick to-do list to keep in mind:
- Create a data privacy team to oversee GDPR activities and raise awareness
- Identify the Personally Identifiable Information (PII)/Personal data that is being collected
- Analyze how this information is being processed, stored, retained and deleted
- Review current security and privacy processes in place & where applicable, revise your contracts with third parties & customers to meet the requirements of the GDPR
- Assess the third parties with whom you disclose data
- Establish procedures to respond to data subjects when they exercise their rights
- Create processes for data breach notification activities
- Continuous employee awareness is vital to ensure continual compliance
For more information on Freeman's GDPR efforts, please contact us at firstname.lastname@example.org