4 Ways to Prepare for GDPR Compliance

Posted by: Lisa Sigler | May 23, 2018 | Compliance

Exostar is a leader in secure business solutions, so we always strive for the utmost level of data security. The upcoming May 25th deadline for GDPR has given us an opportunity to review our internal processes and documentation to see if there were any places for us to improve our security or data handling procedures. Because of our constant commitment to data protection, we had relatively little to do to meet GDPR compliance requirements. But we have taken a few steps to ensure that both we and our customers are collecting and processing data in line with the new rules. These actions are a good place for any organization to start when looking at GDPR compliance.

Here are four things Exostar has done to prepare for GDPR compliance that you should consider:

1) Updated our privacy policy.
Although Exostar’s rigorous approach to data protection was very much in line with the GDPR guidelines, we have updated our privacy policy to provide more information about how we handle personal data. The changes include:

  • More complete descriptions of how we collect, use, and transfer personal data
  • Information on how long we retain data
  • Updated description of transfers of data from the EU to the United States

2) Conducted internal training.
Exostar employees have been trained on GDPR provisions to ensure that we continue to develop our solutions to safeguard the private information of our customers and their business contacts, in order to maintain their GDPR compliance.

3) Inventoried internal procedures.
We examined the ways we collect and use data throughout the customer lifecycle—during the onboarding process, as customers use our solutions, and during any support interactions. Although in general Exostar processes personal data only on behalf of others, GDPR applies to organizations that are primarily “processors” as well as those that collect and process data for their own purposes (“controllers”).

4) Updated our products.
Data security has always been the hallmark of Exostar solutions, but a few adjustments have been made to align with GDPR provisions regarding data retention and deletion (the “right to be forgotten”). We have explored ways to include “privacy by design,” which means designing solutions specifically so data doesn’t need protection. We have also checked that roadmaps for future developments continue to support the GDPR provisions.

Exostar’s GDPR compliance protects the data that we collect and process on our customers’ behalf. Because of our constant vigilance, Exostar customers can rest assured that their data is safe, secure, and under their control. Take these first steps to make sure your customers’ personal data is protected as well.

If you have any questions, please let us know.