Stergiou Limited and its online bookstore Stergioubooks.com are fully compliant with the new E.U. regulation about the personal data protection (GDPR - General Data Protection Regulation), which cames into force on 25 May 2018.
However, this is a start, not an end. It was the end of a transition for the companies to prepare for a new approach to the privacy and data protection. The GDPR requires data protection "by default and design". This approach means a new business culture which demands the respect of the data protection in the day to day business.
Our company concluded the compliance procedure on 16 May 2018. Over the transition period, the past two years, Stergiou invested more than 8,000 Euros in enhancing our organisational and technical measures to increase the security and the data protection.
Entirely encrypted devices, files, forms, messages, and data, as well as detailed policies and procedures, consist of our key measures. We also registered with the UK regulatory authority, the Information Commissioner's Office (ICO) and named Leonidas Stergiou as the responsible person for the data protection at our company.
Technical security measures aim to prevent data breaches and any potential fraud incident. In this context, it has been our strategic decision to only cooperate with tier 1, global and high-secure partners, such as Google, Apple, Amazon, Ingram/IngramSpark, DHL, McAfee, HSBC, Stripe, PayPal, MailChimp, Sophos, et.c.
However, once all our data are firstly encrypted and next uploaded to cloud storage services or transmitted via emails or cloud, the risk significantly reduces, even if one of the above high-tech and high-level security giants receives attacks or in case of a breach.
Policies and procedures describe our internal rules, culture, and approach to privacy. They support transparency and information of our customers, suppliers, authors, web visitors, and all our stakeholders. Furthermore, they provide detailed instructions to employees and partners how to handle day to day issues from communication and accounting to introducing new technologies or agreeing on new partnerships. Among others, we introduced age control and warning during subscribing our mail lists or placing orders. Also, open an account on our website to place orders is now obligatory. Your account gathers your order history and makes it easier to change your details.
Unfortunately, all experts and specialists in security say that no storage or transmission system on the Internet can be considered 100% secure. Thus, the data protection is an ongoing procedure, as GDPR says. We have to continuously enhance our security systems and measuring our risks, reviewing our policies, procedures, and measures. And, we must keep you informed of any change.
All of us, corporates and individuals should become more familiar with the risks and threatens, and become more careful when we handle our date. For example, we must change our passwords frequently and keep them secure. We never reveal our passwords via emails, and we must always deal with reputable and safe websites and online services. Some details can be reliable indicators about the security of a site. For example, is it encrypted (SSL or https)? Does it have an online security system to prevent malicious behaviours and intentions? Does it provide appropriate details about the ownership, the management team, and other essential information such as phone numbers, address, et.c.? Who are their providers, suppliers, and partners?
Interesting to read (external links):