movingimage Complies With GDPR: Q&A

What is the GDPR?

The GDPR was designed to unify data privacy laws across Europe, to regulate companies’ personal data procedures, and to address the export of personal data outside of the EU. It includes the “right to be forgotten”, explicit confirmation of data processing, breach notification, and more. You can read more about the different specifications here.

When does the GDPR come into force?

Though approved by the European Parliament on April 14th, 2016, the transition period ends on May 25th, 2018, after which the GDPR will become officially enforceable.

What does “compliance” actually mean?

The GDPR has set a new standard for data protection and imposes companies to protect customers’ data accordingly or face hefty fines administered by supervisory authorities. Luckily, as mentioned above, movingimage complies with the GDPR: Not only did it implement the GDPR processes in 2017, but it also ensured that the legal data protection process is standardized as well as easy to implement, following the Privacy by Design standard.

Which GDPR-compliant processes does the movingimage EVP cover?

movingimage offers comprehensive GDPR-compliant coverage, including internal and external processes. Internal processes:

  • Internal data processing index
  • Internal data protection policies for all departments
  • Internal erasure concept for personal data
  • Least privilege access rights
  • Regular staff and training sessions
  • External Data Protection Officer

External processes:

  • ISO27001-compliant infrastructure (Azure)
  • Application penetration tests following OWASP Top Ten
  • Central authentication service connecting to customers’ existing IDP
  • Role-based access management (RBAC), following least privilege concept
  • Extensive metadata + search index to document and find relevant information
  • Automated unpublish and deletion periods
  • EVP based on “Privacy by Design”
  • “Golden Source” de-publishing (de-publishing on all platforms with one click)