Page 2 - Dash of SPiCE (June 29, 2018)
P. 2
Adopting the EU GDPR
Adopting the EU GDPR
In preparation for the massive territorial scope, implications and impact
of the EU General Data Privacy Regulation (EU GDPR) that took effect
on May 25, 2018, the Legal, Corporate Governance, Compliance and
Audit (LCCA) Group rolled out new policies and activities that align
SPi Global with its provisions.
This enterprise-wide compliance initiative relating to the EU GDPR - which applies to all
SPi Global clients, employees, and third-party suppliers - has set in motion the
implementation of stricter information security controls in order to keep our business
protected, as the penalties for non-compliance are grave.
€20 NON-COMPLIANCE PENALTY
MILLION 4% - Improper collection and
processing of data
ANNUAL REVENUE - Not acquiring proper
consent from data subjects
- Not observing the rights of
whichever
is higher. the data subjects
While the LCCA, HR Ops and other Business Support Units work hand-in-hand in providing
proper guidance to all stakeholders, it is as important that employees heed the call for
“100% compliance”. It is vital that each employee takes responsible action in
accordance to the EU GDPR and SPi Global policies, and exhibit a proactive response
to their mandates.
• Employees should complete the Computer-Based Training (CBT) promptly
• Employees should sign the Non-Disclosure Agreement (NDA) and the
Data Privacy Consent Form, as cascaded by HR Business Partners
• Employees should understand and comply with SPi Global
Data Privacy/Protection Policy
• Employees should participate in the Information Security roadshow to keep
abreast with new stipulations on information security controls, and avoid
accidental personal data and security breach
• Immediately seek guidance, consult with, and/or report any data privacy
and security breach to the Data Privacy Officer via dpo@spi-global.com
Adopting the EU GDPR • 29 June 2018 2
of
