On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect. GDPR addresses the rights that individuals have regarding personal data related to them and seeks to unify data protection laws across Europe, regardless of where data is processed. There are various requirements under GDPR, including requirements around consent, data transfer, data security and breach notification. GDPR will help ensure that individuals have provided consent on how their data is being used, held and transferred to other locations or parties, as well as how they are notified when companies breach the rules.
Under GDPR, there are stronger responsibilities for handling personal data of EU individuals (“data subjects”). Organizations who collect and process personal data from individuals are “data controllers”. Service providers who process personal data on behalf of the data controller are “data processors”. When we collect and process personal data on behalf of our clients, we take the roll of “data processor” while our clients who collect and process personal data from EU individuals are “data controllers”. Both data controllers and data processors have shared GDPR responsibilities to data subjects. Epiq, as a data processor, has undertaken the following compliance measures to ensure Epiq meets its GDPR requirements:
Since inception, Epiq has been proactive in designing and building security into our products, networks and services. Epiq seeks to lead in defining and implementing best practices for cybersecurity. The GDPR coming into effect allows us to reiterate our mission to remaining secure and providing our customers with the privacy they deserve.
For more information, please review our Privacy Statement.
© 2020 Epiq. All rights reserved.