Posted by David Whitehouse

Express Group has always taken all information security seriously including that of personal data, whether Express Group are considered as a data processor or data controller.

In terms of the GDPR Express Group has been working towards being fully compliant throughout 2017/18 in order to ensure that Express Group and GoPrint3D customers can be certain that they are dealing with a fully compliant GDPR business and utilising GDPR compliant solutions. The work will conclude prior to the May 2018 date for introduction of the regulation.

Express Group as an organisation (including our GoPrint3D division) will be fully compliant with all aspects of GDPR by May 25th 2018.

Assessment
Express Group has reviewed the GDPR and matched its own activities and products against the regulation in four key areas. Express Group considered the regulation against the business as:

1: A data controller of its own employee data.
2: A data controller or processor of third party data such as activity relating to direct sales and marketing.
3: A business that uses third party software.

A public document will be made available that details the policies and activities that Express Group employs matched to the clauses of the GDPR should any client have a detailed question in respect of compliance.

Express Group uses applications which remain hosted solely from UK data centres, and Express remains as the hosting provider.

Activity
Express Group is amending its activities and associated policies and procedures as necessary to fully comply with GDPR following a thorough assessment.

Express Group is reviewing and if required amending its client and supplier contracts to ensure the GDPR reaches throughout the supply chain for the provision of its services and solutions.

Express Group is reviewing all its suppliers and clients for compliance with GDPR paying very close attention to those involved in personal data gathering and marketing activities.

Express Group is carrying out Privacy Impact Assessments as necessary.

The Express Group & Go Print 3D websites are being updated so that customers have the assurance that they will be contacted and treated in accordance with GDPR requirements. The websites will contain Express Limited’s privacy policies clearly identified.

The solutions Express Group procedures are being fully reviewed and will be amended if required. These amendments will include creating facilities for clients to service GDPR personal data requests, conduct GDPR data removal and data anonymising actions for a chosen individual.

Express Group remains committed to information security, especially regarding personal data where it is captured on behalf of our clients as part of our data processing obligations.

To see a full, signed, copy of this statement, please click here.