Wizard IT GDPR Statement - Updated 23rd May 2018

On May 25, 2018, the General Data Protection Regulation (GDPR) is fully enforceable across the European Union (EU), creating a higher standard for data protection, privacy, and security for the processing of personal data from the EU. The GDPR applies to the processing of personal data regardless of where that takes place in the world and impacts any company that handles personal data of EU citizens and others within the EU.

Wizard IT recognize the importance of passing regulations to advance information security and data privacy for citizens of the EU. We are firmly committed to GDPR compliance across all business units and we provide all updated information in our Privacy Policy and our Cookie Policy.

 Wizard IT has completed key assessments and updates to satisfy the GDPR requirements and all initiatives have been executed with the goal of providing transparency to data subjects regarding the care with which their personal data is treated.

Wizard IT has looked at every product and implemented processes and procedures designed to meet the obligations outlined in GDPR. Wizard is confident the steps taken adequately address the GDPR requirements and provides us the ability to satisfy data subject right requests.

What We have Done

# Obligation Status Key Compliance Milestones
1 Privacy Policies / Legal Updated policies, contract language, and DPAs
2 Data Protection / Security Updated guidelines; implemented security and access controls; audited vendors, IT systems, and products.
3 Data Subject Rights Developed processes and implemented technology to manage DSR requests.
4 Data Management / Mapping Completed data mapping and inventory of systems that manage personal data, including with implementation of data retention guidelines, data minimization standards, and de-identification methods.
5 Awareness / Training Conducted both enterprise and functional training and implemented additional data controls at the functional level.
6 Data Breach Notification Updated  Security Incident Response Plan and conducted updated annual training to Wizard team members.

Wizard IT products and services meet the principles of privacy by design and default as outlined in Article 25 of the General Data Protection Regulation (GDPR). Adherence to these standards means that our products have appropriate privacy and security features embedded within their design, and Wizard IT has the ability to fully support the data subject rights called out in the GDPR.