General Data Protection Regulation (GDPR)

Pinnaca began GDPR preparations in 2017 by reviewing and updating all of our internal policies, processes, procedures, data systems, and documentation. Policy by policy, the requirements of GDPR were woven into Pinnaca’s Information Security Management System (ISMS), which is certified under the ISO/IEC 27001:2013 framework by Lloyds Registry. In ongoing efforts toward GDPR compliance, the following activities have been underway:

• Updating privacy statements to ensure transparency regarding consent, right of access, the type of information collected, where it is stored, to where it may be transferred, lawful basis for processing personal data, how to redress personal data, and other aspects required by GDPR;
• Implementing data processing agreements between data controllers and data processors;
• Implementing standard contractual clauses for cross-border data transfers to ensure adequate protections safeguard personal data;
• Updating third-party vendor contracts to meet the requirements of GDPR with proper flow-down terms;
• Updating policies and procedures to ensure data controller and data processor responsibilities are documented and practised between Pinnaca, its partners, and its customers;
• Updating breach notification procedures to detect, report, and investigate any potential data breach.
• Analyzing all Pinnaca systems and features to determine where improvements or additions can be made to make them more efficient for customers that are subject to GDPR;
• Training staff about the importance of GDPR practices and sufficient safeguards that must be observed with vigilance; and
• Implementing security by design into Pinnaca services and technologies platforms.

These and other activities have been tracked by a committed GDPR task force. For any questions about Pinnaca and the GDPR, we welcome you to email us at security@pinnaca.com.