General Data Protection Regulation (GDPR)
bibliotheca Group Commitment
On 25th May 2018, the EU General Data Protection Regulation (GDPR) comes into effect. Its aim is to protect the right to privacy for all EU residents. EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed of.
GDPR will impact every organisation which holds or processes personal data. It introduces new responsibilities to protect citizens’ data and to demonstrate compliance with the standards. It also clarifies how EU personal data laws apply outside the EU. GDPR has stricter enforcement and significantly higher penalties than the current Data Protection Act (DPA), which it will replace.
bibliotheca is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards – we’ve always complied with regulations and will continue to do so. Our business leaders and key executives are fully aware of the significance and impact of GDPR on our business, as well as our customers’ businesses.
We have fully assessed the GDPR requirements and have put in place a dedicated internal project team to ensure we meet those new requirements. bibliotheca has also partnered with leading experts in GDPR and Cyber Security to assist us in this process.
We are undertaking risk assessments to include more detailed consideration of the data types we hold and a data protection impact analysis of the personal information we store and process. Additionally, we are reviewing and updating policies such as incident response plans and backup data retention.
Some of our additional initiatives are:
- Reviewing contracts with our third-party service providers and amending them where necessary
- Employee awareness training
- Creating a culture of privacy by design and working to identify risks and establish processes for Data Protection Impact Assessments for high-risk processing operations
bibliotheca as a company is committed to providing secure products and services by implementing and adhering to prescribed compliance policies, both as a data controller and processor.
The upcoming GDPR is critical to our mission of providing EU and all our global customers with safe and dependable business products and services.