GDPR Customer Statement
The European Union (EU) has introduced the General Data Protection Regulation 2016/679 (“GDPR”), which is a new privacy regulation containing security and privacy requirements to fully protect data belonging to EU-based individuals.
GDPR was adopted by the European Parliament in April 2016 and goes into effect on May 25, 2018.
GDPR is applicable for companies based in and out of the EU where data collection and personal data handling from EU-based individuals is in play. Any information which can be used on its own or with other information to locate, contact or identify a single person such as names, identification numbers, online identifiers, location data, or any other factors specific to the individual’s genetic, physical, mental, physiological, cultural, economic, or social identity is considered to be Personally Identifiable Information (PII).
In order to be in compliance with GDPR, any company handling or collecting PII pertaining to EU-based individuals needs to ensure its data management protocol adheres to all requirements detailed within GDPR.
Included in the requirements for GDPR are cross-border data flow mechanisms, technical/operational security measures, notice & consent, accountability and data minimization.
- Security audits: Records of security practices must be maintained by companies and regular audits to assess the effectiveness of the established security program must occur. If any breaches are identified, corrective measures must be taken immediately.
- Data security: It is mandatory that companies put in place strict controls, including physical, technical and administrative. In accordance with GDPR requirements, incident management, data integrity, confidentiality, encryption, availability and resilience are required as part of the security program for any company handling EU-based data. Implemented controls must serve to prevent information leaks, data loss and unauthorized data access.
- Data breach notification: Companies must immediately notify regulators, clients, and any and all impacted individuals once they become aware of a data breach which could potentially impact data controlled or processed by the company.
For over a year, Protranslating has been re-addressing security at all levels to account for broad changes. The company has carefully assessed all relevant GDPR details, and has ensured they have been appropriately matched with the company’s privacy roadmap and security policies and controls. The company has made the decision to offer the same level of compliance for any user, regardless of their nationality or place of residence, in anticipation of GDPR spreading globally. The company is actively in pursuit of both a SOC 2 report and ISO 27001/27002 certification as part of their commitment to match all GDPR requirements.
Protranslating’s technology and service offerings have pre-established privacy and security features already in place, putting our customers in control. Protranslating’s commitment is to help customers, regardless of location or nationality, maintain stringent controls and accountability for all online and offline offerings through which customers’ personal data may be attainable.
Protranslating’s Cloud-based offering relies on industry-leading partners and data providers, each with SOC 2 reports that are re-issued on an annual basis. Data protection is managed throughout the entire data lifecycle, and our commitment is to continuously improve on data handling throughout our existence as a service provider.
As needed, please contact your Protranslating representative for further clarification.
Disclaimer: This document must not be used as legal advice about any law or regulation. To understand the GDPR, customers must seek their own legal counsel. Copyright © 2018, Protranslating.