The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. The main intent of the GDPR is to give individuals more control over their personal data, impose stricter rules on companies handling it and make sure companies embrace new technology to process the influx of data produced.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardise data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.
Tyk is committed to ensuring the security and protection of the personal information and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR. Some of the measures we have taken are:
- Data Review – Tyk has reviewed where and how we collect, use and store personal data and have updated policies, standards and documentation as needed.
- Transfer of data outside the EEA – Where Tyk stores or transfers personal information outside the EU, we will take all reasonable steps to maintain the integrity of the data.
- Data minimisation – We will only process the personal data that we need, in order to achieve our processing purposes.
- Awareness and Training – We will ensure that all Employees responsible for the Processing of Personal Data go through suitable training concerning data processing.
- Review of consents – We have reviewed our existing marketing practices, and associated consents, to ensure that these are transparent and GDPR-ready.
- Subject Access Rights – We have updated to our existing subject access request processes to ensure that it is easier and quicker for data subjects to exercise their rights
Tyk is dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation.