Cygna (trading as a division of ESD Control Centre Limited) supplies computer parts, sub-assemblies and complete computer units – we are committed to protecting any data that we collect concerning you or your organisation. By using our services you agree to the use of the data that we collect in accordance with this Policy.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU) that was enforced from May 25th 2018.
ESD Control Centre Limited is committed to high standards of information security, privacy and transparency, across its global sites. The company strives to comply with applicable GDPR regulations, including its position as a data processor, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services.
ESD Control Centre places high importance on information security and within The Group, we comply with a number of standards that also focus on information data security standards including ISO9001 and PCI-DSS.
The company is registered with the ICO under registration number ZA291340 with trading names listed as Antistat, Integrity Cleanroom, Cyberpac, Cygna & Acupaq – organisation name is The E.S.D Control Centre Limited. Ant Group is the parent company of E.S.D Control Centre Limited.
GDPR imposed new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects. The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals within the EU.
ESD Control Centre complies with the GDPR as a processor and controller of data and planned and developed a programme of works which delivers what is required by the legislation. This involved working with our suppliers and partner organisations to ensure they can meet these obligations. We have engaged an external advisor to ensure we delivered best practice in compliance, and our programme falls into these areas:
Customer Contracts: Our Service Agreements already addresses GDPR compliance.
Policy Development: We reviewed/ refreshed and developed our range of policies including (but not limited to) our ISO-9001 Controls, PCI-DSS, Data Breach Policy, Business Continuity Plans, Subject Access Requests, Individuals Rights, best data protection practice.
Data Impact Assessments & Data Inventory: We undertook a systematic review of the data we store, manage, maintain, collect, process and control. This included offline storage and paper records. Assessments of the data reviewed information flow, any data transfers, risk reviews, and structural position in relation to Lawfulness, Purpose, Minimisation, Accuracy, Consent, Limitation, Integrity & Confidentiality, Record Keeping and Accountability.
Training & Awareness: We undertook a rolling training programme across the Group on the GDPR and its impact on the new policies, procedures, and responsibilities of staff & stakeholders in this new regime.
Supplier & Partner relationships: Where relevant and related, we used all reasonable endeavours to ensure that our third party and suppliers are complying with GDPR and ESD Control Centre Policies.
Technology: we reviewed our technology platforms to analyse their operation, security, compliance in order to ensure that they meet the standards we have laid down and identify any gaps and risks.
ESD Control Centre’s data security team, our senior management and advisors will continue to monitor the programme up to May 2018 and beyond.
May 1st 2020 Article Addendum 4.7