Introduction

A new EU regulation will soon come into effect that impacts how all organisations collect, hold and process people’s personal data. The General Data Protection Regulation (GDPR) will become law on 25th May 2018 and will introduce new responsibilities that supersede the existing Data Protection Act.

In simple language, data subjects will now have more say over what, how, why, where, and when their personal data is used, processed, or disposed of.

As we move closer to 25th May 2018, TrackBack is focused on its GDPR compliance responsibilities. For some time now, we have been evaluating new requirements and restrictions imposed by GDPR and are taking all necessary actions to ensure that we handle all data in compliance with the applicable law. From our perspective this is the minimum required standard. Many of our clients have requirements that go far beyond the basic requirements of GDPR and in those cases we design our solutions to match the specific client needs.

How is TrackBack preparing for GDPR?

At TrackBack, we understand the value and importance of data protection. We are committed to working collaboratively with our clients to ensure that we meet their compliance needs as they gear up for the new regulation to come into effect on May 25th, 2018. As a data processor, TrackBack understands its obligation to help clients get ready for the big day.

Some of our ongoing initiatives include:

Identifying personal data – We have reviewed our processing activities and we have identified and documented all our data touchpoints making it easier to understand the personal data we collect, why we need it, how the data we collect is processed, how the data is stored and how long we keep this data for.

Transparency and Visibility – The most important aspect of GDPR is how the collected data is used. As a Data Processor, our key role is to provide our clients (the Data Controllers) detailed information on how data entrusted to us is processed and managed. To this end we have documented our data processing activity on a client by client basis to ensure complete transparency to our clients.

Enhancing data integrity and security – TrackBack has completed a detailed organisation-wide data classification assessment, and we have identified the personal identifiable information (PII) we process on behalf of our clients. This has allowed us to implement the highest levels of security hardening into our processing infrastructure.

What’s Next?

At TrackBack, we strive to deliver outstanding performance to our clients. We will continue to make any additional required operational and security changes resulting from the new legislation, and will keep our clients, partners and regulatory authorities informed throughout this process as we work towards a defined goal.

TrackBack senior management team and advisors will continue to monitor the programme up to the target date in 25th May 2018 and beyond.