The GDPR – the General Data Protection Regulation – will come into force on May 25th 2018. By then, each enterprise needs to prove that its processing of personal data is compliant with the GDPR.

We have followed data privacy and GDPR regulation since the founding of d!nk in 2010, and we see data protection as an opportunity for customer engagement.

We are happy to share how we implemented GDPR compliance.

Step #1: Conduct an internal audit of your data process and security infrastructure

Before taking action, you need a clear picture of all the processes that handle personal data in your organization. The GDPR is also a good opportunity to revisit the information security measures in place.

We used the Agoria GDPR Compass to analyse the data processing, mapping of risks and suggested measures. We have worked with Zion Security to perform a security audit.

Step #2: Implement measures to be GDPR compliant

Implementing the recommendations from the data privacy risk analysis and security audit report can have a profound impact on your organizational processes and IT infrastructure.

d!nk is a processor of personal data, and we have good news: d!nk has taken the required measures to be compliant with GDPR by the end of 2017. The Security Statement provides an overview of the physical and organisational security measures we have taken.

We zoom in on two specific measures regarding the GDPR: appointing a DPO and providing access to personal data.

DPO Role: The GDPR gives the Data Protection Officer an important role within an organization: advising on data protection projects, such as privacy policies, data protection impact assessments, and awareness and training, and acting as a contact person for internal (employees) and external (data protection authorities, consumers, …) requests.
d!nk has decided to appoint an external DPO. This service is also available to d!nk partners and customers.

Access to data: The GDPR gives users (data subjects) the right to access their personal data that is processed (stored, consulted, …) by organisations, as well as the right to be forgotten and to withdraw their consent. d!nk has implemented Consent management for Account Hub and other applications involving the collection of personal data. This system stores the consent of our customers' data subjects and gives them access to view and revoke their consent.

Please contact us at dpo@dink.eu for more information on GDPR compliance.