Introduction
In April of 2016, the European Union approved a new data privacy regulation, the General Data Protection Regulation. The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to unify data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. Enforcement of this regulation begins May 25, 2018. Any organization that works with EU residents' personal data in any manner, irrespective of location, has obligations to protect the data and data privacy. GADOT Group is aware of its requirements and role in providing the right processes and applications to support our customers and internally meet the GDPR mandates.
GADOT Group's Commitment
At GADOT Group, we have always honored our customers' right to data privacy and protection. As an Israeli company, GADOT Group has a responsibility to ensure the data and privacy rights of its employees and customers are met.
GADOT Group has no necessity to collect and process customers' personal information beyond what is required for the delivery of its services.
We recognize that the GDPR will help us move towards the highest standards of operations in protecting customer data.
How is GADOT Group preparing for GDPR?
GADOT Group is preparing to be GDPR compliant across all of its services and processes, by the time the regulation comes enforceable.
We have analyzed GDPR requirements and have put in place a dedicated internal team to drive our organization to meet them.
Some of our ongoing initiatives are:
- Identifying personal data –GADOT Group evaluates for all personal data the collection, usage, storage and disposal. Defining the processing activities for all personal data and documenting the various sources of data will go a long way in providing a roadmap for compliance in the days leading up to the implementation.
- Providing customer support – An important aspect of GDPR is how the collected data is used. As a data controller, GADOT Group's key role is to provide our customers with the knowledge to effectively protect their user data. GADOT Group will update and conclude processing agreements where required and explore how processing activities are performed.
- Enhancing data integrity and security – Data privacy and data security are important aspects of the GDPR. GADOT Group will update processes, IT policies and procedures to ensure end-to-end security.
What does this mean for our customers?
We understand that meeting the GDPR requirements will take a lot of time and effort.
As your provider of GADOT Group services, we work to ensure you that security best practices are implemented, and Data Processing Agreements are put in place.
What are we doing to be GDPR-ready?
For GDPR compliance in our organization, we will do the following things:
- Create a data privacy team to oversee GDPR activities and raise awareness
- Review current security and privacy processes in place & where applicable, revise your contracts with third parties to meet the requirements of the GDPR
- Identify the personal data that is being collected and create a data register for the personal data
- Analyze how this information is being processed, stored, retained and deleted
- Assess the third parties with whom we disclose data
- Establish procedures to respond to data subjects when they exercise their rights
- Establish & conduct Privacy Impact Assessment (PIA)
- Create processes for data breach notification activities
- Continuous employee awareness is vital to ensure continual compliance to the GDPR