What is GDPR?
On May 25, 2018, the European Union (EU) began enforcing a new data protection regulation, the General Data Protection Regulation, or GDPR. The GDPR is designed to harmonize data privacy laws across the EU, to protect and empower the data privacy of all individuals in the EU, and to reshape the way organizations across the region approach data privacy.
Who does the GDPR impact?
The GDPR applies to organizations established within the EU, and to organizations located outside the EU if they offer goods or services to, or monitor the behavior of, individuals in the EU (‘data subjects’). In other words, it applies to any company processing or holding the personal data of data subjects residing in the EU, regardless of where the company itself is located.
What steps is Confirmation.com taking to comply with GDPR?
Confirmation.com welcomes the GDPR as an important step forward in streamlining data protection requirements across the EU, and as an opportunity for our organization to strengthen our commitment to data protection.
The following steps have been taken to ensure compliance with the GDPR:
- Implemented a Security Management System
- Appointed a Data Protection Officer
- Appointed an EU-Based Data Protection Representative
- Updated Data Privacy Policies
- All Data Classified as “Most Sensitive” is Encrypted At-Rest
- Annual Data Protection Impact Assessments Performed
- Implemented Data Protection by Design Into All Business Projects
- Created a GDPR Compliant Data Breach Incident Response Plan
- Personal Data Processing Inventory (Article 30 Report) Created and Maintained
- Implemented Personal Data Loss Prevention Controls
- Enhanced Data Privacy and Security Awareness Training Implemented
- Enhanced Encryption For Personal Data in Transit via TLS 1.2
- Created GDPR Compliant Procedures for EU Data Subject Inquiries
- Streamlined Explicit Consent and Withdrawal Procedures Implemented
- Fair Personal Data Processing Notices Created and Sent to Data Subjects
- Implemented GDPR Compliant Third Party Risk Management System
- Registered with the ICO (UK Information Commissioner’s Office) To Provide EU Data Subject Inquiry Recourse
- Certified EU-US Privacy Shield
- Certified Swiss-US Privacy Shield