The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) which will be effective from May 25, 2018. Simply put, EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organisation that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data. Redsquid is aware of its role in providing the right tools and processes to support its users and customers meet their GDPR mandates.
Redsquid's GDPR Statement
Redsquid have always taken our client’s right to data privacy and protection seriously and will only use your personal information to administer your account and to provide the products and services you have requested from us. We recognise that the GDPR will help us move towards the highest standards of operations in protecting customer data.
How is Redsquid preparing for GDPR?
Redsquid already have a consistent level of data protection and security across our organisation, however it is our aim to be fully compliant with the GDPR by 1st May 2018. Redsquid understand our obligation so we have thoroughly analysed GDPR requirements and have put in place a dedicated internal team to drive our organisation to meet them.
Some of our ongoing initiatives are:
Identifying personal data
We have identified all areas and assessed what client information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed. Redsquid have consolidated our data and information thus removing the potential of duplicating client information and our online CRM has been interrogated to remove any duplicate data.
Providing visibility and transparency
An important aspect of GDPR is how the collected data is used. Redsquid’s role is to provide our clients with the products and services they require and give them the access to effectively manage and protect their user data. Redsquid is exploring ways to make optimal procedure enhancements without compromising on service providing transparency to our customers.
Redsquid are revising our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
We are revising our privacy notices to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
Enhancing data integrity and security
Data privacy and data security are essentially the same thing. As our clients tighten their data security measures. Redsquid would like to extend a helping hand. We are streamlining the processes for cloud applications by implementing IT policies and procedures that provide end-to-end security. Redsquid can assist our clients to implement the same security and policies. Our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and have been communicated to all employees, making them aware of the reporting lines and steps to follow.
Portability and transferability of data
GDPR gives end users the right to either receive all the data provided and processed by the controller or transfer it to another controller depending on technical feasibility even at the individual level.
Our continuing methods
• Continuous employee awareness is vital to ensure continual compliance to the GDPR.
• Create processes for data breach notification activities.
• Continually review our security and privacy processes in place and where applicable, revise
our contracts with third parties and customers to meet the requirements of the GDPR.
• Identify the Personally Identifiable Information (PII)/Personal data that is being collected.
• Analyse how this information is being processed, stored, retained and deleted.
• Assess the third parties with whom we disclose client data.
If you have any questions about our preparation for GDPR, please contact our data protection officer, David Richardson, [email protected]