GDPR Update for Stakeholders (April 2018)
With the entry into force of the EU's General Data Protection Regulation ("GDPR") just one month away, we are proud to share a quick update on Palram's data protection compliance project that is underway in order to get the entire group GDPR compliant. A cross functional team has been working intensely on GDPR since the start of the year, led by the Palram Group's CIO, General Counsel and VP Human Resources, including also senior marketing and other personnel, and external advisors. Palram entities in the EU and beyond have been consulted and involved, and the group has moved from a gap analysis to the remediation phase of its work. In other words, we are now implementing very practical steps to ensure Palram's GDPR compliance. With the blessing of Palram’s management we are delighted to update all Palram stakeholders. Here are some of the major steps we are taking:
- We are in the process of a thorough review of data privacy, access control, business continuity, and other aspects of confidentiality, integrity and availability. We are also testing certain new products and components that help maintain our excellent data security.
- GDPR training and awareness for Palram staff. At headquarters and around the world, staff interacting with personal data will benefit from GDPR awareness and training. [The Palram management committee was the first group in Palram to enjoy their training].
- Tightening of data retention practices, and purge of retired data. Both at policy levels, and in practical implementation, we are taking technology and policy steps to limit the personal data we collect, use and keep to a minimum.
- Data Protection agreements: in the coming weeks we will be putting in place data protection agreements as may be required for organizations with whom we share any personal data.
- Human resources: the people at Palram matter most, and we are taking steps to ensure all employees know their data protection rights, and also are able to do their part to support Palram's data protection program.
- We have appointed a group Data Protection Officer ("DPO"), MyEDPO (www.myedpo.com), a team of GDPR experts who have been deeply involved in our GDPR compliance process. They can be contacted at: firstname.lastname@example.org.
We are delighted for this opportunity to reaffirm our commitment to data protection best practices, and to full compliance with GDPR and other applicable laws and regulations.