GDPR

Please read these GDPR carefully before using this website

Starting on May 25, 2018, a landmark new privacy law, the General Data Protection Regulation (GDPR), became enforceable in the European Union (EU). At INNOVATE, we are committed to our customers’ success, including their compliance efforts with respect to the GDPR. We’re here to assist our customers with their efforts to comply with the GDPR, through the comprehensive privacy and security protections that the INNOVATE offering provides. Please note that the content on this page is not legal advice and is only provided for informational purposes. For legal advice you should consult with your own organisation’s legal team. INNOVATE cannot be held liable in any way with regard to the content of this webpage.

What is the GDPR?

The GDPR arose, in large part, as a holistic way to update existing, disparate, and sometimes-conflicting laws and regulations across the EU and to strengthen the protection of individuals’ personal data, in light of the rapidly-evolving technological landscape, increased interconnectivity and globalization, and more elaborate international transfers of personal data. The GDPR generally replaces the legacy mix of national data protection laws that are currently in place with a single, comprehensive law, which is directly enforceable in each EU member countries.

More specifically, the GDPR regulates the “processing,” which includes the collection, storage, use, or transfer of personal data about EU individuals. Any organization (regardless of whether it is located in the EU, has an office in the EU, or has no office in the EU) that processes the personal data of EU individuals needs to comply with the GDPR. Critically, under the GDPR, the EU defines “personal data” broadly, so that the law generally covers any information relating to an identified or identifiable individual (a “data subject”).

INNOVATE’s Commitment to GDPR Compliance

INNOVATE is committed to compliance with the GDPR. We view the GDPR both as an important step forward in streamlining and unifying data protection requirements across the EU, and as an opportunity for INNOVATE to strengthen our long-standing commitment to data protection principles and practices.

What should INNOVATE customers do to comply with the GDPR?

If your organization is a controller or processor of EU resident data, it is critical to establish compliant security and privacy practices now that the May 25, 2018 enforcement period has commenced.

The following steps will allow you to achieve compliance:

● Tone at the top is key. Establish support at top levels for GDPR compliance efforts, and designate a data protection officer (DPO) to oversee the compliance efforts.

● Review current security and privacy efforts and perform a privacy impact assessment (PIA) over high-risk data processing activities. Results of the PIA should drive the establishment of new control activities to mitigate the identified risks. INNOVATE is of course able to assist you with a PIA.

● Ensure transparency with data subjects. In some situations, an organization that collects data from European residents must ask for explicit consent from the data subject in order to do so. Additionally, data should only be used for the purposes specified and should only be transferred to third parties disclosed in agreements.

● Keep a record of compliance activities. It always helps to have a detailed record of the work your organization has done to comply with the GDPR. Whether it’s a PIA, policy document, or consent form, etc., documentation of security and privacy practices will assist your organization in demonstrating its compliance with the GDPR.