The General Data Protection Regulation (GDPR)

On May 25, 2018, a new landmark privacy law called the General Data Protection Regulation (GDPR) takes effect in the European Union (EU). The GDPR embodies the well-recognized privacy principles of transparency, fairness, and accountability, expands the privacy rights of EU individuals, and places new obligations on all organizations that market, track, or handle EU residents’ personal data. GDPR promotes better accountability for handling the personal data of customers and employees through better data accounting and by introducing a risk-based approach, which enables innovation and participation in the global digital economy.

Our Commitment

Protecting the security and privacy of personal data, no matter where they come from or where they flow, is important to Printec. Printec complies with mandatory privacy laws worldwide, and is working to be ready for the GDPR by implementing a Group-wide Program that:

  • is based on a risk-based approach following a uniform methodology in all Printec entities
  • examines every aspect of our operations
  • ensures everyone’s involvement and commitment

 

Transfer from EU to rest of the World

Printec has an application under review for accreditation under the EU Binding Corporate Rules with policies fully aligned to GDPR.

Our Program

Policies and Standards

We have updated our existing privacy and data protection policies, internal standards, and governance, with particular regard to the personal data lifecycle, individual rights, data breaches, data access, and security. The main principles of our policy are reflected in our privacy statement and our Code of Business Conduct and Ethics.

Data Inventory

Knowing what data we hold is key to managing them appropriately and consistently. Based on a cross-functional, company-wide effort, we inventory and map the data that each unit within Printec processes. We also inventory our products and services. This allows us to identify and understand how we handle data, including what we have, how we are protecting them, what we are doing with them, where they are, where they flow, who has access to them, and why.

Data Risk Management

Data risk management requires understanding the threats, vulnerabilities and risks associated with processing (e.g., collecting, exchanging, storing, deleting) the specific types of personal data we handle. By conducting Data Privacy Impact Assessments (DPIA) for our own internal business processes, measuring the effectiveness of policies, processes and controls, we constantly try to manage risks to an acceptable level and identify the current strengths and opportunities in the data protection practices of Printec.

Incident response

We have implemented a thorough, organization-wide data incident response process that is integrated into our business continuity processes. Our cross-functional incident response team consists of personnel from multiple departments. Our team provides guidance and takes responsibility for remedial actions based on members’ business function and role. Any data breaches will be handled by a subgroup of the incident response team since, due to possible legal/regulatory implications, a different management process may be required.

Training & Awareness

Printec conducts a Data Protection Awareness program (including campaigns) in a variety of media (online, print, video, live sessions) and languages, which aims to provide general training to all personnel and specific training to personnel who have permanent or regular access to personal data. Specific modules that take local specificities into account are also being developed. Attendance at the Data Protection Training is mandatory, and to facilitate the participation of Printec employees we maintain an active intranet for collaboration and communications at all levels within the company. Beyond basic awareness training, Printec encourages and supports employees in pursuing further training opportunities.

Related resources

Code of Conduct

GDPR Awareness metrics
