Are you GDPR ready? - PowerPoint PPT Presentation

About This Presentation
Title:

Are you GDPR ready?

Description:

Are you ready for the GDPR, which goes into effect on May 25, 2018? This article will help you stay ahead on GDPR.


Transcript and Presenter's Notes


1
ARE YOU GDPR-READY?
2
GDPR goes into effect on May 25. Are you
prepared? Are you GDPR-compliant? Are you ready?
  • When the European Union announced its intention
    to expand regulations of its existing data
    privacy laws over 2 years ago, U.S. businesses
    focused on what would be their burden of
    compliance and how it would impact their level of
    liability.  At the time, the GDPR (General Data
    Protection Regulation) was an unprecedented
    enforcement expansion by a major global economy
    government on businesses outside their borders.
  • Experts and consultants pored through the several
    hundred pages of regulations and articles and
    came to a core consensus that any entity that
    handles the personal data of EU nationals and
    individuals would be impacted even if they're
    physically and legally outside the EU.  At the
    beginning, the focus was mostly on how the EU
    authorities would view GDPR and data privacy
    compliance.
  • Flash forward to now, and the questions U.S.
    businesses are asking themselves are not just
    what the EU authority expects but also what their
    customers expect.  Equifax and Facebook's recent
    missteps in handling personal data have made
    average users painfully aware of how vulnerable
    their personal information is to misuse and
    exploitation.

3
  • Whether GDPR directly and legally applies to your
    specific business or legal practice may come down
    to the finer details of the GDPR regulations. 
    How large is the personal data you're handling? 
    What type of personal data and how private is
    it?  And to what purpose is the personal data
    used?

4
If you're an INSZoom customer, it's likely you're
using your clients' personal data towards a
mutually agreed purpose related to immigration,
global mobility or travel. These types of data
transactions don't seem to be of critical concern
for the EU authority and their GDPR because of
the specifics, narrowness in scope, transparency
and consent of use regarding the data transaction.
5
  • Though the collected personal information is
    private, sensitive and non-public (e.g. racial or
    ethnic origins, financial, legal, etc.), it is
    not used towards the behavior monitoring or
    massive data analytics which have been the
    subject of such public scrutiny, criticism and
    lawsuits.

6
  • Given the current state of privacy awareness,
    it should not come as a surprise that many
    of our customers are using the May 25th deadline
    not only as a GDPR compliance date but also as a
    blanket data privacy readiness date for all their
    users instead of just EU users.

7
  • It would not be the first time that a new
    regulation has had an impact outside its original
    objective.  It's probable that we are entering a
    new normal and a new baseline of expectations for
    what is required for data security and privacy.

8
  • Regardless of the size of your GDPR footprint,
    INSZoom is well positioned to provide the
    technology, structure and support needed.  We've
    been following Privacy by Design practice since
    the beginning in 1999. INSZoom possesses ISO/IEC
    27001 certification and all data collected is
    formatted in a 256-bit encrypted SQL database.
    Technology experts have found that data security
    best practice under the ISO 27001 framework meets
    much of what GDPR requires under its article
    including technology and security measures such
    as:
  • ISO 27001 mandates the listing of all relevant
    statutory, legislative, contractual, and
    regulatory requirements.
  • Risk assessment requirements of ISO 27001
    mandate the implementation of a Data Protection
    Impact Assessment and undertaking an evaluation
    of privacy risks.

9
  • Asset management requisites of ISO 27001
    include personal data as a valuable information
    security asset, for which you must define which
    personal data are involved in your operations,
    their origins, where to store them, for how long,
    and who will have access to them, including any
    applicable supplier and storage relationships.
  • ISO 27001 dictates systems acquisition,
    development, and maintenance, which requires data
    security as an integral component of information
    systems throughout their lifecycle.
  • Breach notification strictures under the ISO
    27001 entail an efficient and consistent method
    to deal with data security to notify authorities
    within 72 hours after the discovery of a personal
    data breach.

10
  • ISO 27001 uses risk assessments to identify the
    necessary controls regarding risk management,
    data protection impact assessments, and
    mitigation to the risks regarding rights and
    freedoms of data subjects.

11
In addition, the INSZoom application has
committed itself to respecting and promoting the
data rights the GDPR has outlined for all our
customers by affirming the following:
12
  • No controller or data subject personal data is
    subject to cross-border data flows outside the
    U.S., especially in the EU. All data is stored at
    our hosted servers with Amazon Web Services in
    North America (U.S. for our U.S. clients and
    Canada for Canadian clients), which has
    military-level security.
  • No controller or data subject personal data is
    shared with any unauthorized third party
    including contractors or outside entities such as
    credit, consumer or marketing entities.
  • INSZoom will process our customers' data for the
    sole purpose of providing the services according
    to their instructions and hosting and service
    agreements.
  • INSZoom will implement and maintain technical and
    organizational measures to ensure a level of
    security appropriate to the risk as set out by
    the GDPR and related regulations.

13
  • INSZoom will inform our customers without undue
    delay of requests from their Data Subjects
    exercising their Data Subject rights addressed
    directly to INSZoom regarding our customers'
    personal data.
  • INSZoom will maintain and commit itself to
    our customers' confidentiality and not process
    such personal data for any other purposes, except
    on instructions or unless required by applicable
    law.
  • INSZoom will make every good faith effort to
    assist and cooperate with our customers'
    reasonable requests for GDPR-related assistance
    regarding Information, Audit, Return/Deletion,
    Processing, Assistance and Records requests.

14
We're proud to declare that all our subscription
plans meet the GDPR readiness outlined above in
addition to the tools and features below, which
provide additional support to meet your
customers' GDPR expectations:
15
  • E-Consent Module allows you to capture and store
    a clear and authorized consent from the user to
    use their data towards the agreed immigration or
    mobility action.
  • Ad hoc Reports to track your data user population
    based on what information and audits you need to
    collect and maintain.
  • HR and Global Vendor Portals to better work with
    your business partners who directly oversee their
    employees, the impacted data users.
  • FN Portals to allow the data user to exercise
    their ability to handle their own data per their
    needs for GDPR and beyond.
  • Multifactor Authentication for additional
    security and technology measures.
  • Knowledge Base, Alerts and Compliance Management
    for custom configurations to better organize and
    maintain your client data users.

16
INSZoom, as a SaaS solution, has always stayed
ahead and adapted to industry changes. We are
committed to providing the best solutions by
listening to our customers, innovating and
adapting to the ever-changing immigration
industry.