movingimage Complies With GDPR: Q&A

You have all probably heard about the EU General Data Protection Regulation (GDPR) coming into force on May 25th, 2018. The GDPR has become a prominent theme over the past few years, especially within business environments. As it will soon affect every corporation in Europe, as well as any corporation that maintains a business relationship with Europe, we’ve prepared a succinct, summarized Q&A to shed some light upon movingimage’s compliance with GDPR.

What is the GDPR?

The GDPR was designed to unify data privacy laws across Europe, to regulate companies’ personal data procedures, and to address the export of personal data outside of the EU. It includes the “right to be forgotten”, an explicit confirmation of data processing, breach notification, and more. You can read more about the different specifications here.

When does the GDPR come into force?

Though the GDPR was approved by the European Parliament on April 14th, 2016, the transition period ends on May 25th, 2018, after which the GDPR will become officially enforceable.

What does “compliance” actually mean?

Complying with GDPR is vital. Any business found not adhering to the rules is subject to heavy fines. Luckily, as mentioned above, movingimage complies with the GDPR: Not only did it implement the GDPR processes in 2017, but it also ensured that the legal data protection process is standardized as well as easy to implement, following the Privacy by Design standard.

Which GDPR-compliant processes does the movingimage EVP cover?

movingimage offers comprehensive GDPR-compliant coverage, including internal and external processes.

Internal processes:

  • Internal data processing index
  • Internal data protection policies for all departments
  • Internal erasure concept for personal data
  • Least privilege access rights
  • Regular staff and training sessions
  • External Data Protection Officer

External processes:

  • ISO27001-compliant infrastructure (Azure)
  • Application penetration tests following OWASP Top Ten
  • Central authentication service connecting to customers’ existing IDP
  • Role-based access management (RBAC), following least privilege concept
  • Extensive metadata + search index to document and find relevant information
  • Automated unpublish and deletion periods
  • EVP based on “Privacy by Design”
  • “Golden Source” de-publishing (de-publishing on all platforms with one click)

For Further Questions

I have some questions regarding my business’s video-compliance.
Whom can I contact?

movingimage boasts vast experience with GDPR compliance and would love to answer any questions you may have regarding the subject. Feel free to contact us for more information!