GDPR and binding controls
On 27 April 2016, the European Union adopted the EU General Data Protection Regulation (“GDPR”), which will replace the current EU Directive 95/46/EC and will enter into force on 25 May 2018. The GDPR introduces new requirements for all companies processing personal data of individuals located in the European Economic Area (“EEA”). Among other things, the GDPR requires companies, like you and Perseuss, to include specific provisions in their data processing agreements and to clarify their respective roles and responsibilities when handling personal data.
In addition, Perseuss is pleased to announce that it has implemented a set of Binding Controls (BC), recognized as providing an adequate level of protection to the personal data we process globally. To that end, Perseuss must reflect the BC requirements in all our agreements with you.
Set up a Data Processing Register
The Data Processing Register of Perseuss lists all the Data Controllers, Contact Information, Lawful Processing Grounds, Data Subjects, Personal Data elements, Third Parties and Retention Periods that apply to us as a business.
Documented the PII Data Flows
Our data flows detail & visualize all Personally Identifiable Information that is processed within Perseuss and/or its Systems.
Lawful processing of personal data / Link (personal) data with the purposes for which it has been collected
As a data processor, we have listed the lawful processing grounds for each customer.
Strengthened contractual requirements & Updated Data Processing Agreements
Based on the GDPR requirements, we have updated our contracts, including our Data Processing Agreements.
Implement Privacy & security by design (& by default) requirements
Our systems were built on the concepts of security & privacy by design (hashing etc.). For the GDPR we have implemented additional controls to further strengthen our organization.
Stricter Data Processing Agreements with external service providers
Although Perseuss has kept its external service providers to a minimum for security & privacy reasons, we have also reflected the stricter GDPR requirements in our supplier contracts.
Updated processes & systems to meet Data Subjects Rights (Object, Change, Remove)
Our systems have been updated so we can support & register any Data Subject exercising its Rights under the GDPR.
Support for conducting data protection impact assessments
To support our data controllers, and in our own role as a data processor, we are prepared to assist in performing Privacy Impact Assessments.
Appoint data protection officer
We have appointed a specific role in our organization for our data protection efforts.
If you want to find out more about the GDPR, please visit this website.