Evolve IP EU, part of Evolve IP, is the cloud service provider for your communications and customer contact environment. With more than 25 years’ experience and hundreds of customers, Evolve IP EU has the business and technical expertise to realize reliable, scalable and flexible customer contact solutions from the Evolve IP EU Trusted Cloud.
Evolve IP EU has been ISO 27001 certified since 2013 and achieved recertification in 2017 without any findings. The annual external audit and triennial recertification prove that our security management and control programs are set up appropriately and that the audits established to guarantee the safety of our customers’ data, function correctly. Our customers can benefit from the advantages of the cloud with the certainty that all processes, technology and control mechanisms are in place to achieve the highest level of protection and compliance with respect to security, processing and storage of any type of sensitive data.
Information Security Management System
The comprehensive and certified Information Security Management System (ISMS) sets Evolve IP EU apart from other service providers. We understand the risks related to security and can limit these risks within the Evolve IP EU Trusted Cloud (including the links to the customer environment). Among other things, Evolve IP EU does this by proactively applying proven technology, processes and appropriate controls. All measures are audited regularly. This is done externally by independent audit organizations and internally by our qualified personnel. Partly thanks to the implemented policy on Information Security Management, Evolve IP EU is the market leader for providing cloud communication environments.
General Data Protection Regulation (GDPR/AVG)
As from 25 May 2018, organizations will be obliged to comply with the General Data Protection Regulation (GDPR/AVG). This means that the same privacy legislation will apply throughout the European Union, replacing all individual privacy laws of the various countries. The idea of “free flow of data within the EU” offers great opportunities for our customers and for Evolve IP as a provider of cloud services. The introduction of the GDPR also means that the privacy rights of EU citizens are strengthened and that the responsibility of companies which process personal data, increases.
As a Processer of data, including personal data, Evolve IP must guarantee that our customers can meet the GDPR requirements, utilizing our services. That is why Evolve IP started preparations for the new privacy legislation medio 2017. During the GDPR knowledge session of April 12th. last, we informed all customers present about the steps we had already taken and which items we still had to complete. Meanwhile, we have completed our plan and can now say: GDPR, Evolve IP is ready for it!
Three roles are distinguished within the GDPR, namely the Data Subject, the Data Controller and the Data Processor. As a supplier, Evolve IP EU fulfills the role of Data Processor for our customers; Evolve IP EU’s customers fulfil the role of the Data Controller. Based on our responsibility as a Processor, Evolve IP EU guarantees to take all measures to ensure that our customers are compliant for the services outsourced to Evolve IP EU.
What steps did we take?
√ A GAP-analysis was carried out with the aim of mapping the actions for GDPR-compliance. Starting point for this are our information security and privacy policies which have been set up for the ISO27001 certification.
√ From the start we have been working on raising privacy awareness among our associates. For this we have extended our existing ISO27001 awareness program with privacy components, such as a mandatory online GDPR training with knowledge test.
√ We have created a Data Processing Inventory in which we have recorded for all services, on which systems they are processed and/or stored and whether this is done at Evolve IP or at third parties.
√ We have had a Template Processor Agreement dawn up for our Customers, which you can find here: https://www.evolveip.uk/contract-documents
√ And for those suppliers who have access to our data, we have had a Template Sub Processing Agreement drawn up. Witch these suppliers we have concluded Sub-Processing Agreements. Besides this, Standard Contractual Clauses (SCCs) have been concluded with Evolve IP US. Evolve IP US achieved an EU Privacy Shield registration in 2017.
√ The ISO27001 controls and our Security Policy have been extended with privacy items from the GDPR.
√ Our procedure for reporting Data Breaches has been improved to help our clients meet the reporting and communication requirements of their Data Processing Authority (DPA).
√ Security by Design and Privacy by Default were already an integral part of our ISO27001 certification; the new privacy legislation was a great reason for us to review and adjust these principles.
√ The standard retention periods for the data have been examined, and where possible, these have been tightened. See also our SLA: https://www.evolveip.uk/contract-documents
√ Evolve IP’s systems and applications have been made suitable and tested for executing GDPR-requests.
√ Our goal is that our customers can view/change/anonymize their data on our systems themselves as often as possible, through our self-service portals.
√ If customers are unable or unwilling to perform GDPR-requests themselves, we will take care of this. Our colleagues from Customer Service and ICT are trained to handle GDPR- requests and to carry them out within 10 working days.
Within Evolve IP EU, two Security Officers are responsible for compliance with the new privacy legislation. They are supported in this by external legal advisers. In addition, knowledge and expertise in the field of information security is shared with privacy specialists, both within Evolve IP EU and Evolve IP US.
Evolve IP is ready for the new European privacy legislation. Our customers can continue to safely avail of our services.