In the past few weeks, many people have received emails from various companies titled “Privacy and Information Transparency Commitments” or “Privacy and Information Policy Update,” describing each company’s personal data and privacy protection declaration and commitment. This is all due to the formal implementation of the EU’s GDPR (General Data Protection Regulation), effective May 25, 2018.
The implementation of GDPR is of grave concern to enterprises worldwide, especially in this era of massive information transmission on the Internet and the increasing popularity of Internet of Things applications. It is easy for companies to obtain or process information beyond their personal data collection process and to overstep the boundaries of usage set by GDPR. ThroughTek is an Internet of Things cloud-based service company, with customers located around the globe in Europe, America, Japan, South Korea, and China. ThroughTek understands its responsibility to respect and protect personal privacy. Thus, the company has officially released a “White Paper on Privacy Protection – How Do We Strengthen Protection of Personal Data Based on GDPR?” The company has not only prepared for GDPR regulations, but has also already begun studying and promoting compliance measures for the EU’s ePrivacy regulation in the next phase.
After GDPR took effect, some corporations chose to temporarily suspend their European operations or temporarily block European users for risk control. For example, the Chicago Tribune and Los Angeles Times have declared that they are blocking European users from visiting their websites until the sites can be confirmed to be in line with GDPR standards of privacy protection. In contrast, ThroughTek chose to face the challenges of GDPR’s high standards of personal data protection, having completed certification by the British Standards Institute (BSI) back in September 2017 and been issued the ISO 27001 (Information Security Management System) certificate. ThroughTek has been actively implementing GDPR’s personal data processing principles and provisions within the company, has completed relevant education and training to improve staff awareness of privacy protection, and has adjusted the company’s organizational processes and services to further enhance the transparency of personal data processing. At the same time, while considering technical feasibility, it gives data subjects, to the maximum extent, the rights to manage their personal information, including the Right of Access, Right to Rectification and Right to Erasure. ThroughTek has reached GDPR compliance and continues to follow up and share its experience with customers and supplier partners:
– Enhance privacy awareness and related education and training
– Data analysis to understand what is owned or handled
– Update the Privacy Policy and related operating procedures
– Use higher-security information technology
– Optimize the protection of products and services
– Review contracts of users, business partners and suppliers
– Appoint a Data Protection Officer to coordinate responsibility for the protection of personal data
For more detailed information on GDPR compliance, please refer to the latest “Privacy Policy White Paper” on ThroughTek’s website.
In addition to the current GDPR, the European Parliament has also been discussing another bill, the “Regulation on Privacy and Electronic Communications” (ePrivacy), since as early as late last fall, and if it is passed, it may be implemented as soon as 2019. ePrivacy’s legislative spirit is the same as that of GDPR, but it is particularly aimed at network communication software and equipment, and would fall within GDPR regulations. The standard covers online instant messaging services such as Skype, Line, WhatsApp and Facebook Messenger. Whenever a company wants to use cookies, IP addresses, GPS coordinates, etc., it must obtain the user’s consent before placing tracking code and data on the user’s mobile phone. ThroughTek’s current corporate growth goals will also be based on the concept of “respecting privacy and giving personal data control rights to individuals,” and the company will continue to optimize the privacy protection design of its products and services in light of future stricter privacy protection standards in the European Union or other countries.