Internal ISI Training

Background: The General Data Protection Regulation (EU) 2016/679 (“GDPR”) was effective on 25 May 2018.  GDPR is a regulation that applies to all European Union countries and ensures the protection of natural persons who are EU residents with regard to the processing of their personal data and the free movement of such data. GDPR provides these EU residents with additional rights that they did not have under previous regulations with respect to their data.  GDPR also imposes additional restrictions on any company that collects, retains, or processes an EU residents’ personal data. GDPR applies to Innovative Systems, Inc. and Fin-Scan GmbH in each company’s role as a Data Processor for certain Clients for which it processes EU Personal Data.  GDPR also applies to Innovative Systems, Inc., Innovative Systems, Incorporated, and Fin-Scan GmbH each as a Data Controller for the processing each company’s own EU Personal Data. 

The Innovative group of companies and Information Security Office have established a GDPR Program that facilitates compliance with GDPR as a Data Processor and Data Controller. In particular, this program utilizes a multifaceted strategy to address the requirements of GDPR, combining traditional contracting methods and stringent policies with established technical and organizational measures.  

A training program was developed to ensure that all employees that collect, retain, or EU Personal Data as part of their employment comply with the GDPR Program, understand GDPR requirements and the rights of Data Subjects.  This training program consists of the following training modules:

(1)    GDPR Overview Presentation (video)

(2)    Data Subject Rights and Training

(3)    Data Protection Impact Assessments

(4)    Article 30 Records Training

(5)    Personal Data Collection Checklist

Each employee’s knowledge of this information will be tested with a short quiz.  The completion of this training by each employee will be maintained for the company’s records.