The new EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 (including in the UK regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data. It will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) which it will supersede.
Pixl8 is committed to high standards of information security, privacy and transparency. We place a top priority on protecting and managing data per accepted standards.
For customers, a Pixl8 platform whitepaper is available with specific GDPR updates.
The company will comply with applicable GDPR regulations when they take effect in 2018, including as a data processor, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services. Our team of experienced business analysts, consultants and digital specialists will also help to support customers in achieving their requirements through the provision of expert services and technology solutions.
The company has two main areas of focus in preparing for GDPR overseen by our management team:
Building on existing security and business continuity management systems, to ensure our compliance
Product programmes to support compliance for users of bespoke applications built on our preside platform
It is important to recognise that compliance is a shared responsibility and all organisations will need to adapt business processes and data management practices.
Led by our Managing Director and supported by our external advisors, updated policies and procedures will build on existing management systems, informed by gap analysis and data protection risk assessments and supported by communication and training programmes.
By a review of existing contracts with data controllers, the use of sub-contractors and any data export arrangements we support this compliance.
The company will implement tools as appropriate that support the process, provide the necessary security and ongoing delivery of objectives.
In many areas the hosted services provided by Pixl8 already conform. As a data processor, the company is undertaking work with our customers to ensure full understanding of the data types we hold and a data protection impact analysis of personal information stored and processed.
Policies such as incident response plans and backup data retention will be reviewed and updated.
Pixl8’s software applications
Pixl8’s software applications are used to provide efficient and high-quality services. The software provides our customers with the flexibility to build their functionality for the capture of personal information in addition to other bespoke functionality. The company is committed to providing technology solutions to support customers’ GDPR obligations, whether through standard features or training.
All organisations will need to be confident, for example, that personal and transactional data can be located and anonymised or erased, to respond to requests to delete, rectify, transfer, access or restrict the processing of data.
Customers should contact their project manager to understand what features are available to enable this, from data cleansing and subject access reports to specific data retrieval and disposal tools which create efficiencies by allowing organisations to locate, anonymise and remove data with minimal administrative effort and to enable a quick and efficient response to information requests.