We have updated our existing privacy and data protection policies and internal standards and governance with particular regard to personal data lifecycle, individual rights, data breaches, data access, and security. The main principles of our policy are reflected in our privacy statement and our Code of Business Conduct and Ethics.

Knowing what data we hold is key in managing them appropriately and consistently. Based on a cross-functional, company-wide effort, we inventory and map the data that each unit within Printec processes. We also inventory our products and services. This allows us to identify and understand how we handle data, including what we have, how are we protecting them, what we are doing with them, where they are, where they flow, who has access to them, and why.

Data risk management requires understanding the threats, vulnerabilities and risks associated with processing (e.g., collecting, exchanging, storing, deleting) the specific types of personal data we handle. By conducting Data Privacy Impact Assessments (DPIA) for our own internal business processes, measuring the effectiveness of policies, processes and controls, we constantly try to manage risks to an acceptable level and identify the current strengths and opportunities in the data protection practices of Printec.

We have implemented a thorough, organization-wide data incident response process that is integrated in our business continuity processes. Our cross-functional incident response team consists of personnel from multiple departments and countries. Our team provides guidance and takes responsibility for remedial actions based on members’ business function and role. Any incident or potential data breach will be handled by a subgroup of the incident response team since due to possible legal/regulatory implications, a different management process may be required.

Printec conducts a Data Protection Awareness program (including campaigns) in a variety of multi-media (on-line, print, video, live sessions) and languages, which aims at providing general training to all personnel and specific training to personnel who have permanent or regular access to personal data. Specific modules taking into account local specificities are also being developed. The attendance to the Data Protection Training is mandatory and in order to facilitate the participation of Printec employees we maintain an active intranet for collaboration and communications at all levels within the company. Beyond basic awareness training, Printec encourages & supports employees to pursue further training opportunities.

Let us know if you have any questions with respect to Printec and GDPR or need support for your data handling activities. Please contact Printec Data Protection Office at [email protected] or by completing the contact form and we will address all your questions and support your individual needs.