Q. : What steps has PelicanCorp taken to prepare for the implementation of the GDPR?
A. : Respecting and protecting the privacy of our customers and their employees is central to the success of our business. As a business, we also recognize that the trust and confidence of our customers are of critical importance to our ongoing success.
We therefore welcome the GDPR as it seeks to provide individuals with additional transparency and control over their personal data. Obviously, complying with the strict new standards which the GDPR will impose presents a challenge for all businesses and their technology partners. As a business which supports many businesses in an online environment, we are meeting that challenge through our dedicated GDPR project team who have developed and are now implementing our GDPR preparation roadmap.
This roadmap has been formulated together with specialist security and data protection consultants and comprises three core stages of:
- Reviewing data processing operations
- Identifying steps required
This project is ongoing. To date, we have already passed several key milestones, including:
- Engaging specialist data protection specialists to advise PelicanCorp on its compliance obligations under the GDPR, including establishing a number of ‘white board sessions’ attended by senior stakeholders from our key teams which handle the most important personal data in our business
- Commencing a review of our core data processing operations to identify the core systems used in our business, what data is held or used in such systems and where such data is stored
- Engaging with our third-party providers, particularly those based outside of the EEA, to understand what steps they are taking to ensure they can process personal data in a compliant manner (including verifying how such providers will comply with the transfers restrictions set out in the GDPR)
- Ensuring that all new key contracts are reviewed by external data protection specialists from a GDPR perspective.
We recognize that the GDPR contains significant challenges to many of our customers and, as a third party provider supplying cloud-based systems, we are committed through the process detailed above to provide GDPR compliant processes, systems and contracts for our customers.