The General Data Protection Regulation (GDPR) imposes more stringent rules on companies that offer goods and services to people in the European Union (EU), or that collect and analyze data relating to European residents. We believe that the GDPR is an important step forward in clarifying and protecting individual privacy rights. Open minds High Availability Solutions (Open Minds) takes the protection and privacy of all data seriously. We understand that you may have questions, and even some concerns, about how we handle your data and the impact of these significant ongoing regulatory changes. Therefore, we have prepared this document to address some of the key questions around how we have addressed our own GDPR compliance. We ensure that the protection of your client data is not compromised, thus we are fully compliant with our legal and regulatory responsibilities. And we continue to provide the highest standard of services to you, as our clients, globally. We at Open Minds have taken all the necessary steps to ensure our compliance with the GDPR:
• We carried out a personal data audit to document our processing activities
• We carried out any applicable risk assessments and mitigation’s as required under GDPR
• We updated existing and implemented new policies and procedures to comply with the enhanced and new rights and obligations
• We introduced new and improved training for our employees to ensure continued “good data handling”
• We audited our supply chain to ensure our suppliers are complying with the GDPR and are subject to compliant contract terms and conditions
• We kept a watching brief on and implemented best practice and regulatory guidance in the countries that we carry on business And we will continue to maintain and improve these activities on an ongoing basis.
What personal data does Open Minds process?
What personal data Open Minds processes will depend on the products and services that you purchase from us. In most cases, Open minds will process only very limited (non-sensitive) personal data of you as our client. For normal transactional business (being the provisioning and supply of standard third party products and services), the data is likely to be limited to the contact details of client employees as necessary to receive, fulfil and deliver your order, and for normal account management and reporting purposes (where required). If we provide you with consultancy, managed or other professional IT services then the processing will be focused on the fulfilment of the services engagement. Ordinarily there will be a statement of work or similar document which details the specific services (which helps to explain the type of data processing activities required). Again there will be the normal account management and possibly reporting services requested by you.
Information security is one of the most important elements of the GDPR. Open Minds recognises that ensuring the confidentiality, integrity and availability of information entrusted to Open Minds by its partners and clients is vital. Open Minds maintains a formal global Information Security program that implements standards and controls aligned with industry standards and best practices to facilitate the proper measures of protection across the organisation. With the frequency of change that occurs in the threat landscape that continues to pose a risk to this type of information as well as the continued changes in information protection and privacy laws around the globe, Open Minds as a standard practice, continually reviews, assesses and updates it’s security program and controls as necessary to meet these emerging threats and risks.
Open Minds Information Security program ensures a standard of controls across all layers of organisation to address risks at the staff, business process and technology levels to include, but not limited to the following:
• Polices and Standards
• Third-party due diligence
• Employee training and awareness
• Business Continuity and Disaster Recovery
• Risk Management and Mitigation
• Data Breach/Incident Management
In Summary Open Minds has conducted a detailed and comprehensive program of compliance to the enhanced requirements of the GDPR, and we are committed to processing your data in accordance with this high standard.