Search

Vanderbilt’s answer to the new GDPR

In 2015, the EU launched the new “General Data Privacy Regulation”. This enters into force from May 25, 2018 and every company operating in one or more of the 28 EU member countries must abide by this regulation. As such, this will have a big impact on how companies handle personal data.

Vanderbilt operates in the majority of EU’s 28 countries and processes all data in private and public cloud suppliers in the EU and USA. Therefore, the GDPR compliance is an important issue for us.

Since the beginning of 2017, Vanderbilt has initiated several activities to comply with this new adjustment. As the EU regulation highly depends on the old German Data Protection regulation, we enlarged our already existing protection processes in Germany, and began to roll these out to our offices in other European countries.

We assigned a Data Protection Officer on July 1, 2017. Until May 2018, their main task is to develop and implement a data protection concept. This includes obtaining general agreements with all our external suppliers to obligate them to store the relevant data and to operate according to the GDPR. Part of our agreement with suppliers is to get a list of third countries that might store our data. Mostly, we are using our GDPR compliant agreement for the commissioned data processing. If a supplier proposes their own agreement, we carefully check the content to ensure that all GDPR requirements are reflected.

A special area of focus is Software-as-a-Service products such as Vanderbilt’s ACT365 and SPC Connect. These solutions must also comply with the new regulation. As we operate and store personal data from our customers, we emphasize, for instance, on the security and encryption of the processed data, the storage time of data, and the design of the privacy and data protection.

The actual GDPR will not be the final version as there are further needs yet to be addressed. For instance, the new obligation to inform the authorities about data privacy or security violations is on the right track, but it is not clear when an incident must be reported. Companies still have different interpretations of what is a serious or harmless incident.

To summarize, we are certainly on the right track but still have more to do. Happily, however, in the last broad cyberattack, Wannacry, Vanderbilt and our selected providers could not report any violation of our data usage.

Sign-up to our monthly customer newsletter .

Recent Posts

Subscribe to our newsletter

Don't miss new updates on your email
Click here

Copyright notice This website and its content is copyright of Security Buyer – © Hand Media International LTD 2021. All rights reserved. Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following: you may print or download to a local hard disk extracts for your personal and non-commercial use only you may copy the content to individual third parties for their personal use, but only if you acknowledge the website as the source of the material You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.

Scroll to Top