In Europe, a new data protection regulation, the GDPR (General Data Protection Regulation), will come into effect on the 25th of May 2018. The GDPR regulates how individuals and organizations like ProImageEditors (PIE) may obtain, use, store and delete personal data. The information below outlines what PIE has done so far and will do to comply with the GDPR and become a GDPR-compliant image editing company.
What we have done in the past to protect your data:
ProImageEditors started as a postproduction company primarily catering to stock and microstock photographers and agencies. This meant that utmost care was required in handling stock pictures, their editing, and the storage of sensitive data. Therefore, all workflows, security features, data storage, and handling of data were put into place with the handling of stock images in mind, and the same principles have also been applied to the processing of data for all other types of photography that we process. As a result, many of the security features that guarantee the safety of your data were already in place at our offices in Mumbai years ago. This security concept already addresses many aspects of the new data protection regulation:
- Editor workstations are isolated from the internet, which means that there are no threats of viruses, hackers, or unauthorized data transfers.
- All premises are only accessible via a fingerprint scanner and a key card system.
- All our production floors are video monitored.
- Any storage system (e.g., USB sticks, external hard drives, cell phones, etc.) is forbidden on the production floors.
- Even if a storage system gets onto the production floor, it would not be possible to use it, as all the production machines have blocked connections (USB ports, etc.).
- All data is subject to a backup system.
- The image editing personnel is not aware of the name or address of their customers – they only work with anonymous client codes.
- All data is managed on a central server in Germany, and access rights are regulated through our administration software.
- After the editing process is complete, all images are deleted after 15 days from our online server and after 30 days from our offline server.
All our security systems are continually being documented, amended, and comprehended to ensure further compliance with the principles proposed by the GDPR.
Starting from the 25th of May 2018, we will have the following documents ready for you to ensure that we are GDPR-compliant:
- Data Privacy Statement:
A new data privacy statement is available on our website. From now on, it is the basis of any order. You do not need to do anything about it. However, the next time you log in to our website, you will need to accept it.
- Data Processing Agreement (DPA) and Technical and Organizational Measures (TOM):
You can download these documents from your profile under “Consents, Privacy & GDPR”. The DPA is a pre-signed document from ProImageEditors, which you will need to sign and send back to us at firstname.lastname@example.org. The TOM is for informational purposes only.
- Standard contractual clauses for the transfer of personal data to processors established in third countries:
As you know, ProImageEditors is a US-based company with its production in India. As such, we are based outside the EU, and you need to sign this contract with us, which ensures the data security of files transferred to processors established in third countries. It is a pre-signed document from ProImageEditors, which you will need to sign and send back to us at email@example.com.
With the documents mentioned above, you can create GDPR-compliant business relations with your customers. However, as you may have noted in the discussions regarding GDPR, there is still a lot of uncertainty about this. We will keep an eye on this topic and send you updates as they become available. Also, we will always link to the most recent versions of the contracts in your customer profile, so please check them from time to time.
On a final note: We highly value your and your clients’ privacy and data security, as they are the basis of a trustful business relationship. This has been the case in the last thirteen years and will remain so going forward.