PREPARING FOR THE GDPR
PerceptionBox is Taking Data Privacy Seriously
What is the GDPR?
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. The GDPR will automatically become law in all 28 Member States of the European Union and the European Economic Area (EU/EEA).
The GDPR applies to businesses (whether in the EU or not) that are processing the personal data of
individuals in the EU including the personal data of GL customers, their end clients and employees.
What is PerceptionBox doing about the GDPR?
PerceptionBox processes personal data both as a controller and as a processor and we take our obligations under the GDPR very seriously. In order to prepare for the new regime we have undertaken a programme of activities including:
- An audit of our global data processing activities;
- An assessment of data security across our group;
- Ensuring that appropriate terms are in place with our vendors acting as data processors and sub-processors.
for allowing customers to express their marketing preferences: Check our updated cookies policy;
What are PerceptionBox’s commitments to customers and data subjects?
PerceptionBox is committed to complying with the requirements of the GDPR in practice; this means that we are committed to do the following when we are processing data for our clients:
- We only process personal data, that you control and for which you are responsible, at your request, in accordance with the agreement we have with you, a written instruction or as required by law;
- We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing, which may include Endpoint, Gateway and Server Level Security at our premises, strong password policies, daily anti virus updates, use on encryption, SSL VPN for external access, secure access over wired and wireless networks to our systems, central patch management, access control, policies and training among others.
- We take all reasonable steps to ensure that only authorised personnel subject to confidential obligations have access to the personal data;
- We will only engage sub-processors to assist in the performance of the services we deliver to you, with your consent. We will hold sub-processors to terms no less onerous than these commitments made to you;
- We will not deliberately do anything to place you in breach of the GDPR and will tell you if we become aware that your instructions run contrary to what the GDPR permits;
- We will assist you to fulfil any requests received by data subjects (individuals) to exercise their rights or any regulator requests;
- We will inform you straight away after becoming aware of any breach or suspected breach that might compromise your data or put it at risk;
- Where we need to transfer personal data out of the EU/EEA, we will do so subject to appropriate legal safeguards.
This list is not exclusive and the above-listed actions we can provide our clients are regulated with each of our clients individually. Out official statement is that PerceptionBox is committed to meeting all of its obligations as a processor of personal data controlled by our clients or their end clients under the GDPR, whenever it possible.
If you have any questions about our approach to data privacy please contact firstname.lastname@example.org and we will be happy to discuss with you further.