In 2016, the EU adopted General Data Protection Regulation (“GDPR”). The GDPR is now recognized as law across the EU. GDPR enforcement begins on 25th May 2018.
Siber Systems Inc. (‘we’ or ‘us’ or ‘our’) are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognize our obligations in updating and expanding both personal and business product lines of our GoodSync product family, related technical services and supporting programs (e.g., payment processing/license management and online technical support portal) to meet the demands of the GDPR.
GDPR Compliance Completion Checklist
We have identified that the only technical item remaining to be implemented for full compliance with GDPR is the gathering of the consent from European users prior to collecting, transferring and storing their data on a server in the United States of America. We are committed to being in full compliance with GDPR by the May 25 deadline.
We have identified that we DO NOT store any sensitive personal data as it is defined by GDPR. We only store the minimum of non-sensitive personal data that is required to conduct business (e.g., perform sufficient authentication within the product or to process a payment).
We have identified what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed, as well as GDPR compliance of downstream data processors.
How We are Preparing for the GDPR
Siber Systems Inc. already have a consistent level of data protection and security across our organization, however it is our aim to be fully compliant with the GDPR by 25th May 2018. Our preparations include but are not limited to:
- Revising policies & procedures
- Training employees
- Revising of privacy polices
- Obtaining user consent in DGPR-compliance manner
- Revising direct marketing procedures
- Performing data protection impact assessments for each of the products and services
- Obtaining Processor Agreements with downstream processors (e. Payment Processing)
- Assuring rights of data subjects to obtain a copy of personal data, to correct that data and to request deletion of certain types of data.
- Introduction of GDPR-specific e-mail contact address: firstname.lastname@example.org
Please contact us if you have any questions or concerns about the rights of you or your employees. You can respond to this email or contact us at email@example.com .