The new EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 (including in the UK regardless of the decision to leave the EU) and impacted every organisation which holds or processes personal data. It introduced new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) which it superseded.
Pixl8 is committed to high standards of information security, privacy and transparency. We place a top priority on protecting and managing data per accepted standards.
For customers, a Pixl8 platform whitepaper is available with specific GDPR updates.
An updated privacy policy is available on our website.
The company will comply with applicable GDPR regulations, including as a data processor, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services. Our team of experienced business analysts, consultants and digital specialists will also help to support customers in achieving their requirements through the provision of expert services and technology solutions.
The company has two main areas of focus in preparing for GDPR overseen by our management team:
- Building on existing security and business continuity management systems, to ensure our compliance
- Product programmes to support compliance for users of bespoke applications built on our preside platform
It is important to recognise that compliance is a shared responsibility and all organisations will need to adapt business processes and data management practices.
Compliance
Led by our CEO and Head of Operations, and supported by our external advisors, updated policies and procedures will build on existing management systems, informed by gap analysis and data protection risk assessments and supported by communication and training programmes.
By a review of existing contracts with data controllers, the use of sub-contractors and any data export arrangements we support this compliance.
The company implements tools as appropriate that support the process, providing the necessary security and ongoing delivery of objectives.
In many areas the hosted services provided by Pixl8 already conform. As a data processor, the company continues to undertake work with our customers to ensure full understanding of the data types we hold and a data protection impact analysis of personal information stored and processed.
Policies such as incident response plans and backup data retention are reviewed and updated continually.
Pixl8’s software applications
Pixl8’s software applications are used to provide efficient and high-quality services. The software provides our customers with the flexibility to build their functionality for the capture of personal information in addition to other bespoke functionality. The company is committed to providing technology solutions to support customers’ GDPR obligations, whether through standard features or training.
All organisations will need to be confident, for example, that personal and transactional data can be located and anonymised or erased, to respond to requests to delete, rectify, transfer, access or restrict the processing of data.
Customers should contact their Project Manager/Customer Success Manager/Account Manager to understand what features are available to enable this, from data cleansing and subject access reports to specific data retrieval and disposal tools which create efficiencies by allowing organisations to locate, anonymise and remove data with minimal administrative effort and to enable a quick and efficient response to information requests.