With the European General Data Protection Regulation (GDPR) coming in to force from 25th May 2018, you may have some questions about what EventMAP is doing to prepare for this important regulation. Below, we have provided answers to questions that we think our customers and key stakeholders will be asking. We will be contacting all our customers and contacts directly over the coming weeks, and updating this regularly, so please check this page for the latest information.
EventMAP is a trusted partner to its customers and stakeholders and wants to maintain its outstanding reputation in both its domestic and international markets. Therefore, compliance with the latest data protection legislation is essential to our business.
We have assessed the potential impact of GDPR on our business and identified the changes that are required across multiple functions to ensure compliance with the increased requirements resulting from the GDPR. A GDPR implementation project plan with key milestones has been drafted. The project is under way and is now in implementation phase.
Our Board of Directors and staff are fully engaged with our GDPR project, which is driven and overseen by our CEO, Dr Barry McCollum.
The products and services that you purchase and receive from EventMAP are being reviewed from a GDPR compliance perspective in order to identify what, if any, changes need to be implemented prior to 25th May 2018.
At the same time, we aim to ensure that our customer contracts reflect the new GDPR where required. We will also take this opportunity to simplify and standardise our contracts and terms and conditions.
We are reviewing our privacy statements and will be updating our notifications across the business to ensure data subjects are informed in accordance with the transparency requirements under GDPR.
With GDPR on the way, we aim to ensure that our teams are all equipped to deal with data subject requests. In addition, we are updating and implementing our policies and procedures and simplifying the way in which data subjects can exercise their rights with EventMAP.
EventMAP already has robust processes and procedures in place to manage compliance under existing data protection legislation. As part of our GDPR project, we will carefully review our current processes and procedures to identify where they need revising to ensure compliance with GDPR. These will include amongst others:
Privacy by design/default: The impact of GDPR will be considered at the design stage of all new products or enhancements to existing products and any requirements incorporated into the design.
Data management: As part of the GDPR project, EventMAP is putting together a data inventory containing a comprehensive overview of all data that is processed: by whom, where and for what purpose.
Supplier management: We are in the process of reviewing existing supplier contracts and, where necessary, these contracts will be amended to ensure compliance with the GDPR. EventMAP aims to ensure that any new supplier contracts will adhere to GDPR.
International data transfer compliance: EventMAP will aim to ensure compliance with the requirements under GDPR for international data transfer. As part of the GDPR project, we will be reviewing our current policy and practice and will update where necessary.
Data protection (security): EventMAP considers privacy and confidentiality of personal data of upmost importance. EventMAP therefore aims to ensure that appropriate technical and organisational measures are in place to protect personal data against loss, abuse and any form of unlawful processing. This will be further clarified in an overall security policy, coupled with an effective and robust control framework in line with industry standards.
Data breach reporting: The security of all data (including personal data) that we hold is of utmost importance to us. EventMAP will implement data security measures, processes and procedures to ensure that, in the event of a breach, it will be detected, investigated and managed efficiently across the business.
PIA: Privacy Impact Assessments have, for a number of years, been promoted by the data protection authorities as good practice. As a responsible data company, EventMAP will conduct Privacy Impact Assessments as part of the compliance approval process for any new initiatives or changes to existing products/services which are likely to have an impact on privacy. See also ‘Privacy by design/default’.
Data retention: EventMAP aims to ensure personal data is stored no longer than necessary, taking into account the nature and purpose for which it was collected and any associated statutory periods that may apply.
Whilst it is important to achieve compliance with GDPR by 25th May 2018, EventMAP is committed to maintaining compliance from 25th May 2018 and beyond. The GDPR project is just a starting point for continuous compliance with GDPR.
This statement was last amended March 2018.