Yes I am interested in a quick scan, please contact me to discuss the next steps.
Prime Vision has taken the necessary actions to comply with The General Data Protection Regulation (GDPR). This mandatory regulation/legislation came into force in all EU countries on the 25th of May 2018. For the purposes of good practice support, individual Member States shall issue national legislation in which the national competent authorities define inspections and sanctions related to the subject matter. This process is still ongoing.
What has Prime Vision done to adapt its operations with respect to GDPR?
Prime Vision has taken action on various levels and processes. These actions can be divided into the following categories:
Prime Vision has explicitly appointed a Security Officer to shape the consequences of the introduction of GDPR;
Updating the existing ISO Quality Information Management System for the ISO9001 and ISO 27001 with regard to the relevant legislation for Prime Vision (Personal Data Protection Act and the Data Leakage Act) will be incorporated into the GDPR;
Creating awareness among all its employees by making them aware of the consequences of the new GDPR legislation;
With all departments and especially with HR, the consequences with regard to the new rights (right to information, access, portability and deletion or forgetting) of its various (target groups) have been determined. To this end, an extensive information analysis process was carried out. For the other Sales and Services departments, similar processes have been started or are already underway. In all these trajectories, it is investigated which information is recorded and why (basis for retention) this is done. If there is no basis for recording information (e.g. number of children, names of children of employees), this information is removed. The retention period and the method of removal is determined;
A Data Protection Impact Assessment (DPIA) procedure is available to determine whether a project should carry out a risk assessment. For new applications Prime Vision explicitly requires that adequate security measures are implemented to protect personal information and only store and process data that is strictly necessary for the purpose of the application. Adequate data management facilities also must be realised;
An inventory has been made of the processing agreements Prime Vision has (issues or requests) and whether these need to be modified. New processing agreements have been concluded with all suppliers. With the arrival of GDPR, the necessary terms have changed. The (new) processing agreement is actually the old processing agreement in a new format.