On May 25th the General Data Protection Regulation comes into force. Since compliance with European legislation is a top priority at Textkernel we sat down with our Information Security Officer, Johan van der Zel, for a Q&A session on data security.
What is your role at Textkernel?
As Information Security Officer I am responsible for Textkernel’s security program. This includes identifying, evaluating and minimising risks related to the confidentiality, integrity and availability of Textkernel’s information resources. I am also responsible for compliance with laws and regulations related to information security and data privacy (primarily GDPR).
Could you describe what you do on a day to day basis?
An important part of my daily activities is answering questions related to information security from our clients as well as our own employees. Another important activity is drafting, reviewing, implementing and updating Textkernel’s information security policies, standards, procedures and guidelines. Another important activity is running our GDPR Compliance Project.
If you do not have a Data Processing Agreement (DPA) with Textkernel already and you’re in doubt whether you might need one, feel free to contact us.
How does the GDPR affect Textkernel?
As Textkernel processes and in certain cases also stores personal data provided by our clients, the GDPR has a large effect on our company. Many of our clients are approaching us to enter into a Data Processing Agreement with them as required by the GDPR. To ensure we are ready when the GDPR comes into force we are currently reviewing and, where necessary, updating all our internal processes, procedures, data systems and documentation. This includes documenting our data flows and creating a register of processing activities.
Do you have any advice for our customers?
I would like to recommend the following;
- If you do not have a Data Processing Agreement (DPA) with Textkernel already and are in doubt whether you might need one, feel free to contact us.
- As the GDPR requires that personal data is retained no longer than necessary, check what personal information you store on Textkernel’s infrastructure, and check the processes you have in place to remove this data when it is no longer needed.
Do you have any questions? Don’t hesitate to contact us!
Read more in our GDPR Statement.