Vanderbilt Industries

In 2015, the EU launched the new “General Data Privacy Regulation”. This enters into force from May 25, 2018 and every company operating in one or more of the 28 EU member countries must abide by this regulation. As such, this will have a big impact on how companies handle of personal data.

Vanderbilt operates in a majority of EU’s 28 countries and processes all data in private and public cloud suppliers in the EU and USA. Therefore, the GDPR compliance is an important issue.

Data protection concept

Since the beginning of 2017, Vanderbilt has initiated several activities to comply with this new adjustment. As the EU regulation highly depends on the old German Data Protection regulation, Vanderbilt enlarged their already existing protection processes in Germany, and began to roll these out to offices in other European countries.

Vanderbilt assigned a Data Protection Officer on July 1, 2017. Until May 2018, to primarily develop and implement a data protection concept. This includes obtaining general agreements with all external suppliers to obligate them to store the relevant data and to operate according to the GDPR. Part of Vanderbilt’s agreement with suppliers is to get a list of third countries that might store data. Mostly, using the Vanderbilt’s GDPR compliant agreement for the commissioned data processing. If a supplier proposes their own agreement, Vanderbilt carefully checks the content to ensure that all GDPR requirements are reflected.

In the last broad cyberattack, Wannacry, Vanderbilt and selected providers could not report any violation of data usage

Software-as-a-Service products

A special area of focus is Software-as-a-Service products such as Vanderbilt’s ACT365 and SPC Connect. These solutions must also comply with the new regulation. As Vanderbilt operate and store personal data from customers, the company emphasises on the security and encryption of the processed data, the storage time of data, and the design of the privacy and data protection.

The actual GDPR will not be the final version as there are further needs yet to be addressed. For instance, the new obligation to inform the authorities about data privacy or security violations is on the right track, but it is not clear when an incident must be reported. Companies still have different interpretations of what is a serious or harmless incident.

To summarise, Vanderbilt are certainly on the right track but still have more to do. However, in the last broad cyberattack, Wannacry, Vanderbilt and selected providers could not report any violation of data usage.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Vanderbilt Industries case studies

Vanderbilt’s SPC Wireless devices are the perfect match for retail establishments

Vanderbilt’s SPC Wireless is an ideal fit for the retail sector. First off, SPC Wireless devices’ aesthetically appealing design is perfect to fit in with retail environments and compliment the surrounding environments of a modern-day retail store. But, as well as featuring a sleek design, the Wireless devices also have many standout features that specifically benefit the retail sector. Automatic power saving One of these benefits is long battery life as the devices are supported b...

Vanderbilt ACT365 addresses access control security concerns at Study Abroad University, London

Access control has become a central component for the safety and security strategies of today's schools, and due to the complicated threats and challenges these facilities face, a school's access control technology must be innovative and intelligent enough to ensure comprehensive protection. The education sector is a gateway to the future for young people all over the world. But to assure this passage, schools must guarantee their students safety as well as their education. One such example of...

Vanderbilt’s ACT365 cloud-based access control solution protects Work.Life facility in London

Security installation specialist Vision Security Services installed Vanderbilt’s ACT365, a cloud-based access control and video management system, at Work.Life, a co-working and private offices facility in London Fields, east London. The ACT365 solution was implemented late in the construction stage, as initially, the client had used a conventional system, before realising late-on the benefits available from cloud management. Essentially, the client needed unified management of access poi...