THE GENERAL DATA PROTECTION REGULATION (GDPR)
On May 25, 2018, a new landmark privacy law called the General Data Protection Regulation (GDPR) became enforceable in the European Union (EU). The GDPR embodies the well-recognized privacy principles of transparency, fairness, and accountability, expands the privacy rights of EU individuals, and places new obligations on all organizations that market, track, or handle EU residents’ personal data. GDPR promotes better accountability for handling the personal data of customers and employees through better data accounting and by introducing a risk-based approach, which enables innovation and participation in the global digital economy.
Printec is committed to respecting and protecting the privacy of personal data, no matter where they come from or where they flow. Printec complies with mandatory privacy laws worldwide, and continuously works towards compliance by implementing a Group-wide Program that:
- is based on a risk-based approach following a uniform methodology in all Printec entities
- examines every aspect of our operations
- ensures everyone’s involvement and commitment
Transfer from EU to rest of the World
Printec has an application under review for accreditation under the EU Binding Corporate Rules with policies fully aligned to GDPR.
Security and confidentiality
Printec commits that appropriate technical and organizational measures to protect personal data have been implemented against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Policies and Standards
We have updated our existing privacy and data protection policies and internal standards and governance with particular regard to personal data lifecycle, individual rights, data breaches, data access, and security. The main principles of our policy are reflected in our privacy statement and our Code of Business Conduct and Ethics.
Knowing what data we hold is key to managing them appropriately and consistently. Based on a cross-functional, company-wide effort, we inventory and map the data that each unit within Printec processes. We also inventory our products and services. This allows us to identify and understand how we handle data, including what we have, how we are protecting them, what we are doing with them, where they are, where they flow, who has access to them, and why.
Data Risk Management
Data risk management requires understanding the threats, vulnerabilities and risks associated with processing (e.g., collecting, exchanging, storing, deleting) the specific types of personal data we handle. By conducting Data Privacy Impact Assessments (DPIA) for our own internal business processes, measuring the effectiveness of policies, processes and controls, we constantly try to manage risks to an acceptable level and identify the current strengths and opportunities in the data protection practices of Printec.
We have implemented a thorough, organization-wide data incident response process that is integrated in our business continuity processes. Our cross-functional incident response team consists of personnel from multiple departments and countries. Our team provides guidance and takes responsibility for remedial actions based on members’ business function and role. Any incident or potential data breach will be handled by a subgroup of the incident response team since, due to possible legal/regulatory implications, a different management process may be required.
Training & Awareness
Printec conducts a Data Protection Awareness program (including campaigns) in a variety of media (on-line, print, video, live sessions) and languages, which aims at providing general training to all personnel and specific training to personnel who have permanent or regular access to personal data. Specific modules taking into account local specificities are also being developed. Attendance at the Data Protection Training is mandatory, and in order to facilitate the participation of Printec employees we maintain an active intranet for collaboration and communications at all levels within the company. Beyond basic awareness training, Printec encourages & supports employees to pursue further training opportunities.
Let us know if you have any questions with respect to Printec and GDPR or need support for your data handling activities. Please contact the Printec Data Protection Office at firstname.lastname@example.org or by completing the contact form and we will address all your questions and support your individual needs.
Last Updated: 12/2019