movingimage complies with GDPR!

You have all probably heard about the EU General Data Protection Regulation (GDPR) coming into force on May 25th, 2018. The GDPR has become a prominent theme over the past few years, especially within business environments. As it will soon affect every corporation in Europe, as well as any corporation that maintains a business relationship with Europe, we’ve prepared a succinct, summarized Q&A to shed some light on movingimage’s compliance with GDPR.

What is the GDPR?

The GDPR was designed to unify data privacy laws across Europe, to regulate companies’ personal data procedures, and to address the export of personal data outside of the EU. It includes the “right to be forgotten”, explicit confirmation of data processing, breach notification, and more. You can read more about the different specifications here.

When does the GDPR come into force?

Though approved by the European Parliament on April 14th, 2016, the transition period ends on May 25th, 2018, after which the GDPR will become officially enforceable.

What does “compliance” actually mean?

The GDPR has set a new standard for data protection and obliges companies to protect customers’ data accordingly or face hefty fines administered by supervisory authorities. Luckily, as mentioned above, movingimage complies with the GDPR: not only did it implement the GDPR processes in 2017, but it also ensured that the legal data protection process is standardized as well as easy to implement, following the Privacy by Design standard.

Does the EU-U.S. Privacy Shield qualify as a compliance mechanism with GDPR?

No. Up until recently, companies could rely on the Privacy Shield Framework to comply with EU data protection requirements. However, on July 16, 2020, the European Union Court of Justice issued a judgment declaring the EU-U.S. Privacy Shield an “invalid” mechanism for complying with EU data protection requirements when transferring personal data from the European Union to the United States. Consequently, companies must store their data within the EU to be considered GDPR-compliant. movingimage hosts data in European-based clouds, giving companies peace of mind that their data is always stored in compliance with GDPR. In addition, movingimage has concluded EU standard contractual clauses with its contractual partners to ensure GDPR-compliant data processing for customers.


Which GDPR-compliant processes does the movingimage EVP cover?

movingimage offers comprehensive GDPR-compliant coverage, including internal and external processes. Internal processes:

  • Internal data processing index
  • Internal data protection policies for all departments
  • Internal erasure concept for personal data
  • Least privilege access rights
  • Regular staff training sessions
  • External Data Protection Officer

External processes:

  • ISO 27001-compliant infrastructure (Azure)
  • Application penetration tests following OWASP Top Ten
  • Central authentication service connecting to customers’ existing IdP
  • Role-based access management (RBAC), following least privilege concept
  • Extensive metadata + search index to document and find relevant information
  • Automated unpublish and deletion periods
  • EVP based on “Privacy by Design”
  • “Golden Source” de-publishing (de-publishing on all platforms with one click)
