Cymphony and GDPR: Protecting Your Personal Data

What is Cymphony doing about GDPR?

We take our responsibilities under GDPR seriously. That’s why we’ve embarked on a programme to identify which measures we need to implement to be compliant with GDPR, and are working to implement them in time for May this year. Here is a quick summary of what we’ve done to date:

  • We carried out a comprehensive GDPR audit assessment and have now created an internal roadmap to work towards compliance with GDPR by 25 May 2018.
  • We have started our internal GDPR training program to ensure all of our staff are aware of what GDPR requires and how it impacts their day-to-day roles
  • We’re engaging with product and security teams to consider and make the necessary changes/improvements to our product
  • We conducted a data-mapping exercise to discover where all information sits.
  • We’re reviewing our key third-party vendor arrangements and reducing our key storage suppliers to ensure all information is centralised, known and easily accessible
  • We’re refining procedures to deal with some key data subject rights, like subject access requests and the right to request deletion

What’s next?

Some of the key items we will be working on over the coming months are:

  • Updating our external-facing policies to be GDPR compliant and publishing those updated policies ahead of the GDPR effective date
  • Developing a GDPR-compliant data retention policy
  • Updating our data breach procedures to bring them in line with GDPR
  • Rolling out other internal processes to put data protection at the heart of what we do