ZINFI Technologies, Inc., a company leading the definition and creation of Unified Channel Management (UCM) solutions, today announced it has completed an exhaustive internal review and a series of modifications to its channel management software platform, and has trained personnel worldwide to ensure compliance with requirements under the new General Data Protection Regulation (GDPR).
The GDPR is a new digital privacy regulation that takes effect May 25, 2018. GDPR standardizes a diverse range of privacy rules across the European Union (EU) into a single set of requirements that protect the personal data of individuals across all member states. The Regulation introduces robust new requirements designed to ensure higher standards for personal data privacy, protection and security for EU citizens.
Organizations processing the personal data of EU subjects will now be required to build in privacy settings into their digital products and websites and have them switched on by default. These organizations will need to conduct regular privacy impact assessments, strengthen their procedures for securing permission to use personal data, document the different ways they use that data, and follow stricter rules regarding how and when they report personal data breaches.
ZINFI welcomes the GDPR as an opportunity to:
• Deepen its relationships with clients and demonstrate its commitment to the protection of personal data in the context of channel management
• Ensure full compliance with the GDPR in the delivery of its products and services to its customers
• Provide assistance to its customers as they take measures to comply with the GDPR
• Make enhancements to its products, contracts and documentation to support its own compliance with the GDP and support compliance efforts among customers engaged in channel management and their partners
ZINFI has undertaken a seven-point GDPR Commitment program to comply and to assist its channel management customers with compliance.
1. Data Protection Office – ZINFI has established this office to monitor compliance with GDPR and with other EU and member state provisions for protecting personal data, including the assignment of responsibilities, awareness-raising, training of staff involved in processing operations and the performance of related audits
2. Enhanced Data Security – ZINFI has upgraded its systems to a SaaS model architecture with updated security measures including firewalls, two-factor authentication, anti-virus and phishing protection, along with state-of-the-art encryption techniques involving interservice communication and Representational State Transfer (REST). ZINFI’s data center has been migrated to a SSAE16 (SOC1) compliant infrastructure, providing unparalleled security to personal data.
3. Consent Management – Extensive, transparent consent-obtaining procedures are employed at ZINFI to document that a data subject has consented to the processing of his/her data and that records are stored for ready accessibility. Opt-out interfaces are integrated to provide end users with hassle-free access to their personal data.
4. Data Accuracy – ZINFI incorporates two key procedures to ensure data is accurate by:
a. Removing any historic records from systems that are no longer required
b. Implementing automated processes to ensure personal data is removed after a designated period of time if there is no reason to keep it
5. Data Processing – With revamped internal policies and re-engineered processes, ZINFI ensures personal data is collected and processed lawfully, fairly and in a transparent manner. ZINFI has also upgraded its system to deploy strict role-based access controls to ensure appropriate record visibility and access.
6. Data Breach Response – ZINFI has established a Breach Incident Response team and formulated an exhaustive policy to ensure personal data breaches are immediately monitored, analyzed and mitigated, and are reported in compliance with GDPR requirements.
7. Training and Audit – ZINFI is conducting three types of training in response to GDPR requirements:
a. General Workforce Privacy Awareness Training – basic privacy awareness for the entire workforce
b. Training about GDPR – training that introduces select employee groups to specific GDPR compliance requirements
c. Role-Based Training – training for specific roles in organizations, such as managing products and services for privacy or managing vendors
These certifications and audit reports constitute the building blocks of ZINFI’s extensive risk assessments and remedial policies. At the same time, ZINFI is conducting privacy impact assessment (PIAs) ahead of new projects and at regular intervals for existing ones to identify any processes that may pose risks to a subject’s personal data.
ZINFI’s GDPR Resource Center presents a 360-degree view of the GDPR and provides best practices guidelines for channel management organizations seeking to attain compliance. The Center provides a variety of tools for this purpose, including interactive sessions, white papers and expert discussions for organizations in the process of understanding and complying with the new Regulation.
“At ZINFI, we are committed to our customers’ success in all of their channel management activities,” said Sugata Sanyal, ZINFI’s founder and CEO. “We have worked hard to build strong relationships with our customer base, and this extends naturally to compliance with the GDPR in the delivery of services to our customers. We have closely analyzed the new GDPR requirements and have rigorously enhanced our products, contracts and documentation to support our own compliance and assist our customers and their partners in meeting their own obligations under the new regulation.”