2CVDan Christmas

2CV’s Commitment to the General Data Protection Regulation (GDPR)

2CV will comply with applicable GDPR regulations as a data processor and controller when they take effect on 25th May 2018. In conjunction with our clients and our partners, we are currently working through the requirements to understand how they will impact on our business.

2CV’s Commitment to the General Data Protection Regulation (GDPR)

Where Do We Stand?

We are committed to address EU data protection requirements applicable to us as a data processor and controller. These efforts have been critical in our ongoing preparations for the GDPR:

Data controller:  We collect, store and manage Personal Data in an unbiased and secure way, and we only use it for purposes that we have informed subjects about and sought consent for, following the principles of Data protection by design and by default.

Data processing: Our ability to fulfil our commitments as a data processor to our clients, the data controllers, is a part of our compliance with GDPR.


Where Do You Stand?

As a current or future client or partner of 2CV, now is a great time for you to begin preparing for the GDPR as a data controller or processor. Consider these tips:

Get to know GDPR: Familiarise yourself with the provisions of the new regulation, particularly how it may differ from your current data protection obligations and consider the relationships you have with both your clients and partners. Be aware that new requirements may require new solutions that meet the stringent requirements ahead.

Audit your data and processes for data capture: Consider creating an updated and precise inventory of personal information that you control. Review your current controls and processes to ensure that they are adequate, and build a plan to address any gaps. Here are some steps you can take today:

1. Review your processes
2. Review your process documentation
3. Ensure you have a lawful basis for processing the data

Our GDPR compliance team are eager to help meet your needs in advance of May 25, so if you have any concerns please email GDPR@2cv.com.

Stay informed: Stay abreast of updated regulatory guidance as it becomes available and consider consulting a legal expert to obtain guidance applicable to you.

The ICO overview highlights the key themes of the General Data Protection Regulation (GDPR) to help organisations understand the new legal framework in the EU:


What's Next?

We will continue to make additional required operational changes resulting from the new legislation, and will keep our client and partners informed throughout this process. We have an internal cross-functional team who continue to monitor GDPR as it moves to become more clearly defined over the next few months, and who will continue to inform our strategy for GDPR.