General Data Protection Regulation It’s all about trust.
BICS has always been committed to the security and privacy of its customers’ and partners’ information. Regulatory compliance is a key pillar of any business strategy and we know that ultimately, it’s all about trust.
On 25th May, 2018, a comprehensive new set of rules known as General Data Protection Regulation (GDPR) will come into effect in the European Union (EU), redefining the way BICS and other companies collect, store, and share personal data.
As a result, last year BICS launched an extensive global GDPR initiative to ensure we will be 100% prepared to meet GDPR requirements.
BICS is committed to proactively embracing the requirements of GDPR for its customers and partners in the EU, whilst using this as an opportunity to further enhance BICS’ privacy compliance strategy across the world.
What changes under GDPR?
General Data Protection Regulation (GDPR) will replace the European Union’s original privacy laws contained in the Data Protection Directive 95/46/EC, which went into effect two decades ago. The purpose of the new GDPR regulation is to update the EU’s privacy laws to take into account the latest developments in technology, harmonise data privacy laws across the EU, provide additional rights and protection for all EU citizens in relation to how organisations process their personal data, and lead the way on how organisations approach data privacy.
Individuals have the right to:
- Access their personal data
- Correct errors in their personal data
- Erase their personal data
- Object to processing of their personal data
- Export personal data
Organizations are required to:
- Audit and update data policies
- Protect personal data using appropriate security
- Notify authorities of personal data breaches
- Provide clear notice of data collection
- Obtain appropriate consents for processing data
- Train privacy personnel and employees
- Employ a Data Protection Officer (if required)
- Outline processing purposes and use cases
- Define data retention and deletion policies
- Keep records detailing data processing
- Create and manage compliant vendor contracts
What is BICS doing to be GDPR-compliant?
In an ever more connected and digitised world, we welcome the modernisation of EU data privacy laws with the enforcement of GDPR. We believe that GDPR is an important step forward for clarifying and empowering individual privacy rights.
We are committed to GDPR compliance across our solutions when enforcement begins on 25th May, 2018, and we have adopted several initiatives across our organisation to ensure we are compliant:
Extensive Internal Audit
Last year BICS launched an extensive internal audit to make sure that we are 100% prepared to meet the GDPR requirements
Action Plans for Compliance
- Action plans were elaborated and executed to ensure our preparedness
- Compliant vendor contracts were adopted
- Investments in IT & training were made
Data Protection Officer
A Data Protection Officer position was created and appointed