
The EU General Data Protection Regulation (GDPR) is the most significant privacy legislation in decades, creating a unified set of data protection laws across Europe. The GDPR replaces the 1995 EU Data Protection Directive, known as European Directive 95/46/EC, fortifying the rights that EU persons have over their personal data. The law will also be adopted and policed by the United Kingdom after Brexit, according to the UK’s ICO website.
Pinnaca is committed to the highest standards of information security, privacy and transparency. To this end, Pinnaca will comply with the GDPR as a data controller and data processor before the effective date of 25 May 2018, whilst also working closely with our customers and partners to meet contractual obligations for our services and procedures.
Pinnaca began GDPR preparations in 2017 by reviewing and updating all of our internal policies, processes, procedures, data systems, and documentation. Policy by policy, the requirements of GDPR were woven into Pinnaca’s Information Security Management System (ISMS), which is certified under the ISO/IEC 27001:2013 framework by Lloyds Registry. In ongoing efforts toward GDPR compliance, the following activities have been underway:
- Updating privacy statements to ensure transparency regarding consent, right of access, the type of information collected, where it is stored, to where it may be transferred, lawful basis for processing personal data, how to redress personal data, and other aspects required by GDPR;
- Implementing data processing agreements between data controllers and data processors;
- Implementing standard contractual clauses for cross-border data transfers to ensure adequate protections safeguard personal data;
- Updating third-party vendor contracts to meet the requirements of GDPR with proper flow-down terms;
- Updating policies and procedures to ensure data controller and data processor responsibilities are documented and practised between Pinnaca, its partners, and its customers;
- Updating breach notification procedures to detect, report, and investigate any potential data breach;
- Analyzing all Pinnaca systems and features to determine where improvements or additions can be made to make them more efficient for customers that are subject to GDPR;
- Training staff about the importance of GDPR practices and sufficient safeguards that must be observed with vigilance; and
- Implementing security by design into Pinnaca services and technology platforms.
These and other activities have been tracked by a committed GDPR task force. For any questions about Pinnaca and the GDPR, we welcome you to email us at security@pinnaca.com.