GDPR

The General Data Protection Regulation 

Preparing for a new era in privacy regulation at Vuture

In May 2018, a European privacy law is due to take effect. This is privacy law that will require big changes, and potentially significant investments, by organisations all over the world—including Vuture and its clients.

Known as the General Data Protection Regulation (GDPR), the law imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyse data tied to EU residents. The GDPR applies no matter where you are located and no matter how much EU data you currently have or might acquire in the future.

At Vuture we believe that the GDPR represents an important step forward for individual privacy rights. It gives EU residents more control over their “personal data” (which is precisely defined by the GDPR). The GDPR also seeks to ensure personal data is protected no matter where it is sent, processed, or stored. The law updates European privacy regulations for the first time in more than two decades, bringing them more in line with current technologies, and increases the uniformity of privacy regulations across the EU’s member states.

Supporting your journey to compliance with the GDPR

We want to help you focus on your core business while efficiently preparing for the GDPR. Our goal is to streamline your compliance with the GDPR through our smart technology, innovation, and close collaboration.

Vuture products and services are available today to help you meet the GDPR requirements, and we are investing in additional features and functionality to further ease the transition. Through our cloud services and on-premises solutions we’ll help you locate and catalogue the personal data in your systems, build a more secure environment, simplify your management and monitoring of personal data, and give you the tools and resources you need to meet the GDPR reporting and assessment requirements.

We are committed to share with you what we learn on our journey to compliance to make yours as seamless as possible. We will show you how our existing enterprise products and services can jump-start that journey today.

Vuture is committed to the following key principals from the GDPR:

  • You will always know the location where we are processing or storing your data. When you sign up with Vuture you will be able to choose from a range of data centre locations in Europe, America and Asia Pacific and your data will always remain in your chosen location .Should you want to change that location later on, we can help you with that.
  • We have implemented adequate security measures to protect personal data from loss, alteration, or unauthorised processing. You can be assured Vuture meets your security standards. We have a project in place to achieve ISO 27001 Information Security certification by the end of 2017.
  • Vuture only collects “necessary” data and limits the processing of “special” data. Only the personal data needed to perform the platforms function are collected by Vuture from your users or organisation and nothing more. There are also limits on the collection of “special” data, which are defined as those revealing things like race, ethnicity, political conviction, religion, and more . These will never be mandatory in our templates.
  • Vuture doesn’t use personal data for any other purposes other than otherwise stated in your contract.
  • Vuture does not share any data with third parties.
  • Anytime you like, you can erase the data when you stop using the services provided by Vuture. The platform allows you to download your own data immediately, and then the app will erase your data once you’ve terminated services.
  • Vuture adheres to implement data protection by design and by default.
  • Should there be a data breach, Vuture will inform you immediately, where required.
  • Vuture maintains adequate evidence of compliance to GDPR.
  • Vuture will never pass the data onto other countries outside of the EU or without adequate security protection.

Where do I start?

The GDPR contains many requirements about how you collect, store and use personal information. This means not only how you identify and secure the personal data in your systems, but also how you accommodate new transparency requirements, how you detect and report personal data breaches, and how you train privacy personnel and employees.

Given how much is involved; you should not wait until the regulation takes effect in May 2018 to prepare. You need to begin reviewing your privacy and data management practices now. Failure to comply with the GDPR could prove costly, as companies that do not meet the requirements and obligations could face substantial fines and reputational harm.

We recommend you begin your journey to compliance with the GDPR by focusing on five key steps:

1.  Discover
Identify what personal data you have and where it resides

2.  Control
Manage how personal data is used and accessed

3.  Protect
Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches.

4.  Report
Action data subject requests and keep required documentation.

5. Review
Analyse your data and systems, stay compliant, and reduce risk.

Vutures commitment to YOU and the GDPR

The goals of the GDPR are consistent with Vuture’s long-standing commitment to security, privacy, and transparency at a global scale.

Below are a few actions that Vuture has already undertaken towards the GDPR:

  • Working on bringing our products and services fully into compliance with the GDPR as soon as possible.
  • Updating the features and functionalities in all of our services to meet the GDPR requirements
  • Updating our documentation and our customer agreements to reflect the GDPR requirements.

We will remain closely engaged as we prepare together for the GDPR to go into effect.