Katabat is committed to compliance with the General Data Protection Regulation (GDPR), a new data protection regulation coming into effect in the European Union on May 25, 2018. As Katabat processes personal data of EU residents on behalf of our clients, Katabat must comply with this regulation.
The GDPR introduces requirements for organizations that control or process the personal data of individuals in the EU. Its overall intent is to protect the rights of those individuals (data subjects) with respect to their personal data. This post addresses the regulation's impact on Katabat as a processor of EU personal data.
The GDPR addresses not only data privacy (the rights of data subjects over their data) but also data protection (the security of that data while it is stored and processed). Katabat has a proven track record of protecting sensitive data and has been preparing for GDPR implementation for a long time.
What is Katabat doing for GDPR…
Katabat is a processor for our clients who are controllers of the personal data of their customers. As a processor, Katabat maintains client data (i.e., customer and transactional data) in a secure environment that enables client access, and has procedures and infrastructure in place to recover data in the event of a disaster.
Katabat supports GDPR in the following ways:
Data Protection Officer
Katabat has designated Arthur Haigh, Chief Information Security Officer, as our Data Protection Officer (DPO) and our Privacy Officer. Katabat has also designated an Executive Risk and Compliance Committee with oversight responsibility for GDPR implementation.
Personal Data Inventory
Katabat has compiled a complete inventory of all the personal data it holds, including what data is held and where it is stored.
Data Protection by Design
All Katabat products are designed with data protection as a core requirement. Katabat will support further improvements to that design by implementing the design requirements of the data controller (the client).
Katabat currently addresses data sovereignty by using data centers in the EU/UK region and by adopting only those cloud services that offer jurisdictional assurance of storage, processing, and appropriate security within the EU. Katabat will continue to select IT vendors and cloud providers who can demonstrate that the requirements of the GDPR are built into their solutions by design and by default.
Security of Processing
Katabat has repeatedly demonstrated that its processing of sensitive data is secure by meeting or exceeding the requirements of the PCI Data Security Standard (PCI DSS) and by maintaining a SOC 2 Type 2 report covering the Trust Services Principles for Security, Confidentiality, and Availability. Katabat will support data controllers in implementing their technical requirements to ensure an appropriate level of security for processing activities (GDPR Article 32), such as encryption and regular testing of the effectiveness of technical measures.
Training and Awareness Program
Katabat colleagues must complete mandatory training modules (Compliance, Risk, Ethics, Fraud, and Information Security) annually. Privacy is incorporated into the Compliance training module. Each course is reviewed annually for content affected by regulatory change and policy updates.
Katabat's dedication to data privacy and security never stops. Our leadership and team are always striving to improve delivery of these essential protections. If your organization shares our passion for this topic, or is just starting to come to grips with the new data privacy demands of the GDPR, don't hesitate to reach out to us at firstname.lastname@example.org. For another starting point, check out this series of posts by Katabat CISO Arthur Haigh on the landscape of data regulations worldwide.
This information is not intended to contain legal interpretations, guidance or counsel. This information is subject to change and may not apply to your jurisdiction. Katabat encourages each client to seek the advice of legal counsel to ascertain all applicable rights and obligations.