As of the 25th of May 2018, the EU General Data Protection Regulation (GDPR) strengthens the rights of individuals regarding their personal data and seeks to unify local data protection laws across Europe. GDPR imposes new or additional obligations on organizations in the EU processing personal data and on organizations outside of the EU processing personal data of EU residents.
Celaton is committed to ensuring the security and protection of the personal information we process, and to providing a compliant and consistent approach to data protection. We have created this GDPR Compliance Statement to explain our approach to implementing our GDPR compliance program. It describes the implementation of our data protection roles, policies, procedures, controls and measures to ensure ongoing compliance with GDPR.
We place high priority on protecting and managing data in accordance with accepted standards. Celaton is certified to ISO 27001:2013 (Information Security). The requirements of this standard are closely aligned to the requirements of GDPR and demonstrate that our offices, infrastructure, systems, policies and procedures are adequately robust to protect all personal data we process.
Celaton has taken steps to ensure we are compliant with GDPR, which include but are not limited to the following:
We have established procedures and policies to restrict processing of personal information
We have updated our procedures for data breaches and incident responses
We have conducted data mapping and analysis on all our data processing activities, and we maintain a data process register, including extended privacy impact assessments where personal information is required to be collected as part of the agreed process
We have appointed a data protection officer (DPO)
We are providing training to our employees and raising awareness of the importance of GDPR to our business and of their individual responsibilities arising from it
We process personal data contained in business data transmitted to us, only on behalf of our customers, to the extent necessary for our services and in accordance with our customers’ instructions