PaR Systems has recently received Cyber Essentials certification, which assures that we meet and adhere to new regulations of the Data Protection Act of 2018 which concerns the handling of government sensitive information in the UK. Cyber Essentials Plus certification is also a component of ensuring our GDPR compliance. We are happy to share this certification to our customers in the UK and provide them with this added value and assurance of our secure usage of their data by now meeting the these new Data Protection regulations.
PaR has taken additional measures beyond the Cyber Essentials Plus certification, to ensure our GDPR compliance including our registration with the US Commerce Department, Registration with Privacy Shield, which protects information shared from EU and UK PaR locations to US PaR locations, and completing UK Data Processing registrations with the Information Commissioner's Office (ICO). Cyber Essentials is a Government backed regimen that helps protect companies against cyber-attacks and verifies their cyber security. Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. Cyber Essentials Plus, is required by the UK government to handle sensitive UK government data for both civilian nuclear and defense contracts. This Cyber Essentials Plus Certificate certifies that PaR Systems, LLC meets the Cyber Essentials Plus implementation profile to handle sensitive data [BIS/14/696/1.5]. The Information Commissioner's Office (ICO), who upholds GDPR in the UK, recommends Cyber Essentials for the cyber security and processing of personal data.
You can find a link to our company listing with the QG Cyber Essentials Register by visiting www.qgstandards.co.uk/cyber-essentials-accredited-companies.
You can also find PaR listed here on the National Register of Cyber Essentials Certified Companies.
For more information about our compliance with GDPR or other privacy policies, please visit: https://www.par.com/privacy-policy
About the General Data Protection Regulation (GDPR)
GDPR was enacted in the UK as a part of the Data Protection Act 2018. The GDPR is a set of regulations, intended to guarantee the privacy of individuals and protection of personal data, within the European Union. This QG Data Management Standard applies to all companies who are 'controllers' and/or 'processors' of personal data. The definitions are the same as under the Data Protection Act 1998 and state how and why personal data is processed and the processor acts on the someone's behalf. The GDPR applies to processing carried out by companies operating within the EU and also to companies outside the EU that offer goods or services to individuals in the EU. This regulation demands that companies like PaR take appropriate measures to protect the integrity and confidentiality of any personal data they hold.
(Sources: https://www.cyberessentials.ncsc.gov.uk/about; https://www.qgstandards.co.uk/qg-standard-certification/gdpr/)
About Privacy Shield
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. On July 12, 2016, the European Commission deemed the EU-U.S. Privacy Shield Framework adequate to enable data transfers under EU law (see the adequacy determination). On January 12, 2017, the Swiss Government announced the approval of the Swiss-U.S. Privacy Shield Framework as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. See the statements from the Swiss Federal Council and Swiss Federal Data Protection and Information Commissioner.
The Privacy Shield program, which is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enables U.S.-based organizations to join one or both of the Privacy Shield Frameworks in order to benefit from the adequacy determinations. To join either Privacy Shield Framework, a U.S.-based organization will be required to self-certify to the Department of Commerce (via this website) and publicly commit to comply with the Framework's requirements. While joining the Privacy Shield is voluntary, once an eligible organization makes the public commitment to comply with the Framework's requirements, the commitment will become enforceable under U.S. law. All organizations interested in self-certifying to the EU-U.S. Privacy Shield Framework or Swiss-U.S. Privacy Shield Framework should review the requirements in their entirety. To assist in that effort, Commerce's Privacy Shield Team has compiled resources and addressed frequently asked questions below.