We are officially GDPR compliant

December 17, 2019

We finally acquired the GDPR audit report.

Epinion has always worked seriously with personal data. In the beginning of 2018, all of Epinion was mobilized and engaged to aquire awareness about the coming new legislative changes related to handling personal data. Our journey up until this day can be categorized in three waves.

The first phase focused on getting ready for the EU GDPR regulation that came into force May 25th 2018.

This required a significant effort in cleaning data, defining new roles and responsibilities, as well as new processes for those working with personal data.

The second phase was centered around implementing a system supported setup to effectively ensure that GDPR procedures continuously are compliant. It has been, and continues to be, a learning for all parties involved – clients as well as consultants. Many areas of the EU GDPR regulation are new territory and established precedence cases are not always present. We are much wiser now and know the answer to standard questions and challenges we meet.

We have just entered the third phase where we will work on automating the GDPR- and control processes even more making GDPR an integrated and seamless way of working for all. Through this, our GDPR maturity increases and we prepare to be audited end of 2020, going from an ISAE 3000 type I audit to a type II, which requires that Epinion can demonstrate compliance to GDPR processes through a whole calendar year.

I am proud that we succeeded in receiving our GDPR audit report demonstrating to the outside world what we already knew – we know and respect personal data. Main part of our business is handling personal data. This is a very important milestone to Epinion,” Theis Lange, Operations Director.