Esendex's path to GDPR compliance
These are the steps we’re taking to ensure that our processes meet the requirements of the GDPR legislation.
What is the GDPR?
The GDPR (General Data Protection Regulation) is a European Union directive to which the UK will adhere. It replaces the UK Data Protection Act 1998 (DPA). It is designed to allow individuals to better control their personal data – meaning any data that can identify them, regardless of whether it is in a private, public or work context.
Data controllers are the individuals or organisations who determine the purpose for which the data is going to be used (in this context, an Esendex customer). Data processors are the individuals or organisations who process the data (in sending your messages, Esendex is a data processor).
The new legislation puts the responsibility for protecting data subjects’ rights on the shoulders of both the controller and the processor. There will be significant fines for organisations that do not comply.
What is Esendex doing to protect data subjects’ rights?
Esendex is already certified to ISO 27001 standards, which means your information is stored in secure environments to an internationally recognised standard that is externally audited each year.
Many of our financial services and public sector customers have demanding Service Level Agreements which go beyond the DPA, and we have been able to satisfy these.
Esendex is in the process of preparing for the GDPR in several ways:
We are conducting a full audit of all personally identifiable data at Esendex, known as a data lifecycle process: we will map how data enters Esendex, where it is stored, how it is protected, and how it is removed after use.
We are investigating the technical and organisational measures Esendex currently takes to protect personal data, and how these can be improved.
We are receiving assistance from our investor HgCapital’s compliance team, helping us to better interpret the regulation and utilise this knowledge while creating our privacy framework.
We are employing “privacy by design” in all of our product development, including data protection impact assessments where applicable.
All of these initiatives will be completed in time for May 2018 when the GDPR becomes enforceable.
As mentioned earlier, Esendex will be looking to improve upon existing processes rather than carrying out a full re-design. We will issue publicly available documentation establishing our compliance with the GDPR ahead of May 2018.
If required, your Esendex account manager will keep you informed of progress towards this goal; please get in touch if that is the case. Otherwise all Esendex customers will be contacted with significant progress updates over the next few months.