Antistat (trading as a division of ESD Control Centre Limited) provides ESD consumables and cleanroom technologies – we are committed to protecting any data that we collect concerning you or your organisation. By using our services you agree to the use of the data that we collect in accordance with this Policy. We are committed to protecting your privacy.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It will be enforceable from May 25th 2018 and requires no enabling legislation, so it automatically becomes binding and applicable on that date.
ESD Control Centre Limited is committed to high standards of information security, privacy and transparency. The company will comply with applicable GDPR regulations when they take effect in 2018, including its position as a data processor, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services.
ESD Control Centre places high importance on information security, and within our Group we already comply with a number of standards that also focus on information and data security, including ISO 9001 and PCI-DSS.
The company is recorded with the ICO under registration number ZA291340 with trading names listed as Ant Group, Antistat, Integrity Cleanroom, Cyberpac, Cygna & Acupaq – organisation name is The E.S.D Control Centre Limited.
Our team of experienced business analysts, consultants and digital specialists will also help to support customers in meeting their obligations through the provision of expert services and value-adding solutions.
The company has three main areas of focus in preparing for GDPR overseen by an internal cross-functional team:
- Building on existing security and business continuity management systems and certifications, including ISO 9001, PCI-DSS and IG Statement of Governance, to ensure our own compliance standards are met.
- Provision of services and solutions which help customers to understand and prepare for GDPR, develop compliance plans and build a stronger platform for the future by taking control of their data.
It is important to recognise that compliance is a shared responsibility and all organisations will need to adapt business processes and data management practices.
GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects. The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals within the EU.
ESD Control Centre will be complying with the GDPR as a processor and controller of data and have been planning and developing a programme of works which will deliver what is required by the legislation. This will involve working with our suppliers and partner organisations to ensure they can meet these obligations. As we work towards compliance, we have engaged an external advisor to ensure we deliver best practice in compliance, and our programme up to May 2018 falls into these areas:
Customer Contracts: our Service Agreements already address GDPR compliance.
Policy Development: we will review, refresh and develop our range of policies including (but not limited to) our ISO 9001 Controls, PCI-DSS, Data Breach Policy, Business Continuity Plans, Subject Access Requests, Individuals' Rights, ICO Good Practice.
Data Impact Assessments & Data Inventory: we are already undertaking a systematic review of the data we store, manage, maintain, collect, process and control. This includes offline storage and paper records. Assessments of the data will review information flow, any data transfers, risk reviews, and structural position in relation to Lawfulness, Purpose, Minimisation, Accuracy, Consent, Limitation, Integrity & Confidentiality, Record Keeping and Accountability.
Training & Awareness: we will undertake a rolling training programme across the Group on the GDPR and its impact on the new policies, procedures, and responsibilities of staff & stakeholders in this new regime.
Supplier & Partner relationships: where relevant and related, we will be using all reasonable endeavours to ensure that our third parties and suppliers are complying with GDPR.
Technology: we will be reviewing our technology platforms to analyse their operation, security and compliance, in order to ensure that they meet the standards we have laid down and to identify any gaps and risks.
ESD Control Centre’s data security team, our senior management and advisors will continue to monitor the programme up to the target date in May 2018 and beyond.
May 1st 2018 Article Addendum 3.12