What is the GDPR?

In 2012, the European Commission began a process to reform Europe’s existing data protection laws by proposing a new data protection regulation to replace the current Data Protection Directive. In light of rapid technological developments, increased globalisation, and more complex international flows of personal data, the GDPR was agreed and adopted in 2016 and will take effect on 25 May 2018.

The GDPR aims to make data protection regulations:

  • More relevant
  • More comprehensive
  • More unified

What does the GDPR change?

The GDPR provides more privacy rights to EU individuals and places significant obligations on organisations. It’s a great opportunity for companies to review their current data processing activities and make sure they’re protecting customer data appropriately.

Some key changes include:

  • Compliance obligations: The GDPR requires organisations to document and to demonstrate how they comply with data protection requirements. This means additional documentation of systems, processes and procedures.
  • Enhanced rights: On top of existing rights in the EU, like the right to access and correct personal data held by an organisation, the GDPR introduces new data protection rights for individuals, such as the right to portability, and the right of erasure.
  • Data breach notification and security: The GDPR requires organisations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organisations.
  • Privacy by design: Organisations must implement technical and organisational measures to show they have considered and integrated data compliance measures into their data processing activities. This builds on the idea that privacy should be considered from the start of (and throughout) the systems and product design process.

What is Poq doing about the GDPR?

We take our responsibilities under the GDPR seriously and welcome it as an important step in streamlining data protection across the EU. To that end, we embarked on a programme to identify which measures we need to implement to be compliant with the GDPR. Here is a summary of what we’ve done so far:

  • We conducted a data-mapping exercise that tracks personal data flows throughout our systems.
  • We underwent an internal readiness assessment to find the gaps.
  • We created an internal roadmap based on the gap assessment to work towards compliance with the GDPR.
  • We have completed our internal training programme, so that employees are aware of what the GDPR requires.
  • We have updated procedures to deal with some key data subject rights, like subject access requests and the right to request deletion.
  • We reviewed our key third-party sub-processor arrangements to make sure we have the appropriate contractual protections in place to satisfy the GDPR requirements.


Some of the key items Poq have worked on to become GDPR compliant:

  • Updated our external- and internal-facing policies to be compliant.
  • Developed a compliant data retention policy.
  • Updated our data breach procedures.
  • Finalised our data maps and data-processing records.
  • Integrated privacy by design into product development, including through the creation and implementation of data protection impact assessments.

For more information on what Poq is doing about the GDPR, please read the Poq Privacy Policy or, alternatively, contact privacy@poqcommerce.com.

For customers wishing to know more about what Poq is doing about the GDPR, please contact the Customer Success Team.