The EU General Data Protection Regulation 2016/679 (hereinafter – GDPR) is a new regulation that addresses the collection, use, processing and transfer data of the personal data of European Union citizens.
GDPR applies to all European Union member states and any entity that transfers the personal data outside of the European Union. GDPR becomes enforceable from 25 May 2018.
UAB Syno International is a data company, so we are closely related with GDPR and we comply all applicable requirements of GDPR
1. Have you started working on GDPR (EU General Data Protection Regulation (EU) 2016/679) already?
Yes, UAB Syno International and its subsidiaries has started working on GDPR. We are doing our best to be sure that GDPR will be implemented completely and on time.
2. How and when do you plan to be compliant? (What are the milestones; timing?)
We expect to implement the main requirements of GDPR until 2017-12-31. Also, we are sure that on 2018-05-25 will have implemented all the requirements of GDPR.
2.1. If yes, what kind of project/initiative/team structure and resources do you have in place?
We have an UAB Syno International Data Protection and Information Security Working Group (hereinafter – “Working group”) which consist of 5 employees.
In addition, UAB Syno International has assigned data protection officers. UAB Syno International is officially registered in Lithuanian State Register of Personal Data Controllers as Personal Data Controller. UAB Syno International identification number is P8178.
Furthermore, it is important to note that the Working Group continuously participate in official trainings about GDPR.
2.2. Do you have an implementation plan in place?
Yes, we have a strategic plan inside the company, which consists of 21 points. The Working group constantly work according to this plan.
2.3. What’s your key milestones and schedule?
In UAB Syno International opinion, the most important parts are:
– to ensure personal data security;
– to ensure that all data subjects’ rights will be implemented
3. How does GDPR impact your business? Please give us your analysis and how you plan to change.
UAB Syno International is a data company, so we are closely related with GDPR. It shows the way for us that we want to follow. Furthermore, GDPR has an impact on the company by raising the overall standards of processes.
3.1. If the GDPR does impact the services you provide, what aspects of those services would change?
The main aim of the company would not change. We would still be a data company before and after implementation of GDPR, but improved in terms of safety and transparency.
3.2. Have you already assessed how this impacts your business and services?
If yes, how do you plan to roll out the changes? Yes, we have assessed the requirements. We will also evaluate this in the future continuously. Currently, we are taking action according to GDPR and making sure that GDPR will be completely implemented.
3.3. If yes, how? Which aspects?
3.4. If your processes change, will it be documented?
3.5. Are you doing anything else specific for GDPR?
UAB Syno International is planning to certify in the data security and information security field.
3.6. How do you feel about GDPR: is that a constraint or an opportunity?
UAB Syno International complies with all applicable international, national, federal, state and/or local laws, rules, regulations, codes, requirements, statutes, decisions and opinions, including but not limited to the EU General Data Protection Regulation (EU) 2016/679. In UAB Syno International’s opinion, GDPR is the best way to ensure data subjects rights and data security, so for us GDPR is an opportunity not a limitation.
4. Do you have a DPO (data protection officers) or do you plan to appoint a DPO? If yes, so who is/will be your DPO?
We would like to inform that in adherence to the GDPR, UAB Syno International has assigned the following data protection officers: UAB Syno International lawyer Liudvikas Augutis and UAB Syno International Senior IT Systems Developer Mindaugas Liubinas. We would like to explain that data protection officers assist in ensuring that the requirements of the GDPR are met. They also take part in all personal data security related questions and consult in the field of personal data security.
5. When do you plan to have a compliance plan available to read?
Our policy in this question is that we will inform when all process and all requirements are implemented. Then we will submit and announce all evidence that we are ready.
6. Have you made (or considered making) changes to the contracts you have with your own vendors?
Yes, we are reviewing all documents. Some of the contracts and agreements with our own vendors are changed. Moreover, some contracts and agreements will be changed.
7. Are you using a particular software to manage your data inventory and PIA?
Currently we review all process with personal data and we investigate what kind’s of data we process and how. On top of that, one of our plans is to create a total UAB Syno International map of data.
8. How do you typically educate your employees about privacy and data protection?
UAB Syno International Working Group participate in official trainings about GDPR. UAB Syno International has had main and basic trainings about data security and how to ensure information security in the company. In addition, we always inform employees in email and contracts about their responsibilities.