Sunrise has always been fully committed to our customers’ rights to data protection and privacy, complying with EU and UK regulations. The introduction of GDPR, effective date 25th May 2018, has provided Sunrise with the opportunity to strengthen our data protection commitment in partnership with our customers.

We are currently preparing to comply with GDPR both internally and commercially through a GDPR readiness project across Sunrise. As part of our project, Sunrise is ensuring the seven principles of GDPR are embedded across its business processes. Our dedication encompasses the partnerships we have with our customers, to help them comply with GDPR through enhancements to our products, contracts and documentation.

What is GDPR?

GDPR is underpinned by data protection principles to guide compliance. The seven principles set out in Article 5 of the General Data Protection Regulation are:

1. Lawfulness, fairness and transparency
Data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.

2. Purpose limitation
Data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

3. Data minimisation
Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

4. Accuracy
Data shall be accurate and, where necessary, kept up to date.

5. Storage limitation
Data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

6. Integrity and confidentiality
Data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

7. Accountability
The controller shall be responsible for, and be able to demonstrate compliance with the GDPR.

Ensuring Sunrise Readiness

With hundreds of on-premise and SaaS customers, supporting tens of thousands of users, Sunrise has committed to being GDPR compliant across the business when GDPR comes into effect on the 25th May 2018.

The Information Governance team is tasked with identifying the key impacts of GDPR across Sunrise’s business. As a data controller, Sunrise is addressing its obligations for managing internal data. As a data processor, Sunrise is ensuring compliance and governance for all services that process personal data.

GDPR and ITIL

Sunrise is using the Continual Service Improvement model from ITIL to manage the GDPR process, ensuring we remain agile to comply with any future changes. Our Sunrise ITSM software allows us to map this business process and control all areas of the requirements from one solution. This process covers people, processes and technology to ensure the relevant actions are in place to complete GDPR compliance. All actions are assigned and set out to ensure specific outcomes.