NTT EUROPE LIMITED GDPR STATEMENT
NTT Europe (NTTE) and the wider NTT Group take the security of customers’ and staff’s personal data very seriously.
NTTE already ensures compliance with the data privacy laws of the countries in which it operates and the EU Data Protection Directive 95/46/EC.
This Statement is provided by NTTE as a result of the European Commission releasing the General Data Protection Regulation (GDPR) which will come into force in May 2018.
Although the UK will be leaving the EU, the Brexit secretary, David Davis, has confirmed that the influence of European legislation will continue long after the exit is complete. The government has unveiled the Great Repeal Bill, which will import EU law on to the British statute book as it applies on the date of final exit, and under which past rulings of the European Court of Justice would continue to be binding.
The UK Government has specifically stated that, notwithstanding the imminent exit from the EU, the UK will be implementing the GDPR when it comes into force on 25 May 2018, which is before the likely Brexit date of 29 March 2019.
As a company NTTE already takes stringent measures to ensure the security and protection of information. Security is part of our DNA and our Company Values. We are certified to ISO 27001 and will continue to maintain this certification for the foreseeable future. This certification confirms NTTE’s commitment to the security of our services, covering both physical and logical security controls. We have a data protection policy, and we provide information security training to all staff that includes handling confidential data, data retention and data disposal.
In preparation for the GDPR we are enhancing our breach notification process to be in line with new requirements and we will continue to test this annually. In the event of a breach relating to your (customer) personal data we will inform you of any actual or potential privacy breach as soon as we become aware of it.
We are enhancing our data protection ‘objection’, ‘deletion’ and ‘right to be forgotten’ process for our own personal data and, where applicable, will assist customers to do the same where we are empowered contractually to maintain customers’ personal data.
The company is actively involved in seeking Binding Corporate Rules (BCRs), but for the time being will continue to use EU model clauses for intragroup transfers and for customer data transfers outside the EU.
NTTE offers a variety of hosting, networking and managed services, and customers can choose additional security services to accompany these. Customers are reminded, however, that they share a joint responsibility to adequately secure their own personal data and their own environment. Where possible, it is recommended that customers encrypt personal data both in transit and at rest. NTTE can provide additional security services to assist customers with their compliance initiatives.
Customers should conduct a Privacy Impact Assessment (PIA) where content to be processed by NTTE may include personal data, and this should be concluded prior to entering into a binding legal agreement with NTTE. NTTE will be happy to assist you with the preparation of the PIA.
For more information on your obligations under the GDPR please click here:
For Model Contracts for the transfer of personal data to third countries (“EU model clauses”) click here: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm
For UK customers the ICO has issued a useful guidance document on GDPR which can be found here: https://ico.org.uk/for-organisations/data-protection-reform/guidance-what-to-expect-and-when/
A similar guidance document has been released by the CNIL for French customers: https://www.cnil.fr/fr/comment-se-preparer-au-reglement-europeen-sur-la-protection-des-donnees
And for German customers here: https://www.datenschutzbeauftragter-info.de/fachbeitraege/eu-datenschutz-grundverordnung/