The following statement addresses Edenred’s commitment to the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
What is the GDPR?
The General Data Protection Regulation, or GDPR, is due to come into force on 25th May 2018 and will replace the local transposition of European Directive 95/46/EC related to the processing of personal data. Whilst many of the new legislation’s main concepts and principles are aligned with the current local transposition of European Directive 95/46/EC there are new elements and significant enhancements to strengthen and unify data protection for all individuals within the European Union.
What is Edenred doing to prepare?
Edenred has a board level approved GDPR compliance project in progress. This has prompted a cross-business review to identify all areas where changes are required to our current policies and procedures to assure GDPR compliance is achieved. We have been engaging with legal data protection experts to ensure we interpret the new legislation correctly and apply it throughout the business. This project will establish and embed GDPR accountability principals to fully support our commitment to protecting all personal information held by Edenred.
Edenred GDPR Statement & scope considerations:
Edenred provides a diverse range of products & services. We help organisations engage and motivate their people to achieve enhanced performance. This is achieved through the provision of unique and unrivalled total reward solutions; Employee Benefits, Incentives & Rewards, Public & Social Programs. In addition the business model supporting a product can vary to align with client specific needs. To this end, our GDPR preparation statement aims to communicate the basis of our approach.
- Edenred Group SA has appointed a Data Protection Officer with global oversight.
- The Edenred GDPR compliance project is Board approved and locally managed by our Information Security & Compliance Officers.
- Edenred has identified employees with responsibilities for key areas of GDPR specialist knowledge.
- Edenred is closely following the local Data Protection Authority guidelines for implementing GDPR.
- Edenred is conducting Information Audits. This activity will, in particular, enable Edenred to ensure that only personal information required for service delivery is collected and that such information properly processed.
- Edenred is establishing a data processing register
- Where required, Edenred will conduct Data Protection Impact Assessments or Privacy Impact Assessments.
- Edenred is conducting 3rd party supplier due diligence updated to accommodate GDPR standards.
- Edenred is revising our contracts to incorporate the GDPR requirements.
- Where required, Edenred will be making software application and technical changes in support of our GDPR obligations.
- Edenred is updating our policies and procedures to promote and embed the ‘data protection by design’ principal.
- Edenred will be refreshing training for all employees to familiarise them with new operating standards and promote the key principals of GDPR.
Frequently Asked Questions:
Edenred processes personal information for over 50,000 organizations. This prohibits, in practice, conducting an efficient 1:1 dialogue with all clients about GDPR implementation. Therefore, in response to an increasing number of client requests for more detailed information regarding Edenred products and services regarding GDPR compliance, we have started compiling a Frequently Asked Questions repository. While we are developing this, please check our online service desk for FAQ consultation and fill-out the request form in case of additional questions. We will keep this list updated to the 25th May 2018 and beyond.
If you require further information regarding Edenred’s GDPR Preparation, Edenred can work with you in more detail to provide you with more information. These requests are subject to an NDA and may incur a fee depending on scope and size of the information or assistance request.
Olivier Bouquet – Managing Director Edenred Benelux