Ready with the GDPR Compliance
Your Data is in Safe Hands with Us
An important change is happening all across Europe on Friday 25th May 2018. The EU Parliament has designed a new set of data privacy laws which will replace the current Data Protection Directive – this new legislation is called GDPR (General Data Protection Regulation) and it is relevant to, not only companies who trade within the EU, but to everyone who deals with EU companies. Boon Edam, an industry leader in security entrances, are ready to ensure our customer’s information is protected and that we are compliant by this critical date.
Your Privacy is Important
The primary goal of the GDPR legal framework is to give EU citizens back control over their personal data. By definition, personal data is any information about an identified person which makes them unique. Such information includes their name, employer, date of birth, purchasing history via payments etc. This type of data is commonly referred to as PII (Personally Identifiable Information) and when it comes to this – very little is actually kept on anybody outside of our own business and direct employees – which is great to know.
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
However, Boon Edam, like all organisations, cannot do business without processing some personal data belonging to our internal colleagues, suppliers and our customers (only within our internal systems). As we are well down the road towards being GDPR compliant, we have already done the relevant assessments, revising our policies and documents and conducting training to ensure all our people and partners are both aware and informed correctly about what personal data is being processed and saved.
Global Safety and Transparency
Since Boon Edam processes customers personal data and communicates with a variety of external stakeholders (including suppliers), it has become necessary that we formulate transparent data processing agreements with our external parties. In such agreements mutual and legal responsibilities and liabilities are determined - this is to ensure that your personal data is in safe hands with us. Not only in the country that you are doing business with, but in all Boon Edam subsidiaries around the world.
The new regulation states that data may only be kept for a lawful purpose, and should not be kept longer than is needed for that purpose. Data also needs to be accurate and to be safeguarded against unauthorised access, loss or destruction. With the GDPR compliance, customers are not only allowed to know what data is being kept from them, but they will also have the right to have this data corrected or removed.
The CIA triad of information security is a benchmark model used to evaluate the information / data security of a company. The acronym stands for confidentiality, integrity and availability. This is a widely applicable security model which uses 3 key principals to guarantee a secure cyber environment.
Boon Edam already is committed to continually seeking to ensure that the three core goals of confidentiality, integrity and availability of the data we store or process is a top priority. We maintain appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access.
Cyber Essentials Certification
We have processes already compliant with ISO 9001:2015 for Quality Management Systems and our UK subsidiary has achieved ‘Cyber Essentials’ certification - which demonstrates our commitment to cyber security and the safety of information. We have an active training program in our own university e-learning (LMS) which caters for ongoing GDPR, cybersecurity awareness as well as ISO, and encourage all our employees to keep themselves up to date with the compliance in these important areas.
We are hard at work ensuring that we are well on the way to being fully GDPR compliant by the May 2018 deadline and have already done the following:
- A Privacy Impact Assessment has been performed by interviewing Boon Edam colleagues.
- We know what the privacy risks and impacts of the personal data types we process are and how we need to manage these risks and impacts.
- We are happy to see that our SAP implementation will decrease the amount of systems that process personal data.
- Supplier and Customer contracts / agreements of every Boon Edam subsidiary are in the process of being reviewed / revised with the inclusion of GDPR clauses.
- A control and follow-up mechanism will be set up.
There is More
The topic of GDRP is complex. If you are interested in knowing the full extent of what is expected of all EU companies and their consumers– take a look here. We are all in this together, and are truly committed, as a security entrance provider and partner, to complying with this new legislation. We are doing everything we can with a great team driving the process.
For more information about how to create a welcoming, accessible and safe entrance for everyone, please contact us.
Written by Kevin Tol, GDPR Project Leader – Boon Edam
Kevin Tol has been with Boon Edam BV for five years. Prior to his current role, he completed an internship and subsequently graduated (in business administration) on his thesis: ‘Corporate Social Responsibility within Boon Edam’. His daily role as a quality systems officer is concerned with maintaining the organisations quality and environmental management systems. Kevin is part of a team which keeps these systems up-to-date, ensuring optimum process efficiency and results. Kevin is now the GDPR Project Leader for the Group, and in this role, is responsible for coordinating the GDPR project and compliance for Royal Boon Edam International BV.