In the past few weeks, many people have received emails from different companies with “Privacy and Information Transparency Commitments,” or “Privacy and Information Policy Update” titled emails, describing the company’s personal data and privacy protection declaration and commitment. This is all due to the formal implementation of the GDPR (General Data Protection Regulation) law in the EU, effective beginning from May 25 of 2018.
The implementation of GDPR is of grave concern to worldwide enterprises, especially in this era of massive information transmission on the Internet and the increasing popularity of Internet of Things applications. It is easy for companies to obtain and/or process information beyond personal data collection process and overstep the boundaries of usage as regulated by GDPR. ThroughTek is an Internet of Things cloud-based service company, with customers located around the globe in Europe, America, Japan, South Korea, and China. ThroughTek understands its responsibility to respect and protect personal privacy. Thus, the company has officially released a “White Paper on Privacy Protection – How Do We Strengthen Protection of Personal Data Based on GDPR?,” not only to prepare for GDPR regulations, but have also already begun studying and promoting the EU’s ePrivacy compliance measures in the next phase.
After GDPR takes effect, some corporations choose to temporarily suspend their European operations or temporarily block European users for risk control. For example, the Chicago Tribune and Los Angeles Times have declared they are blocking European users to visit their website until it can be confirm to be in line with GDPR standards of privacy protection. In contrast, ThroughTek choose to face the challenges of GDPR’s high standards of personal data protection by completing certification by the British Standards Institute (BSI) back in September 2017 and the issuance of ISO 27001 (Information Security Management System) certificate. ThroughTek has been actively implementing GDPR regulations of personal data processing principles and provision within the company, and completed relevant education training to improve staff awareness of privacy protection and adjusting the company’s organizational processes and services to further enhance the transparency of personal data processing. At the same time, while considering technical feasibility, provide the maximum extent of the rights given to a funding body to manage their personal information, including Right of Access, Right to Rectification and Right to Erasure. ThroughTek has reached GDPR compliance, and continue to follow up and share our experience with customers and supplier partners:
– Enhance privacy awareness and related education and training
– Data analysis to understand owned or handled
– Usage of higher security information technology
– Optimize the protection of products and services
– Review contracts of users, business partners and suppliers
– Appoint Data Protection Officer to coordinate responsibility for protection of personal data