GDPR Certification
Security and Privacy
The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in two decades. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
Canon Medical takes privacy very seriously. As a provider of technology-based medical devices, our customers’ privacy has always been one of our top priorities. To this end, Canon Medical commits to compliance with applicable GDPR regulations surrounding data security and privacy.
Ongoing Status
We have addressed GDPR data protection requirements that are applicable to us – whether we are acting as a Data Controller with our employees or potentially a Data Processor with our customers. Canon Medical will continue to be vigilant and to ensure we appropriately respond to any applicable developing requirements.
Data processing
Canon Medical will continue to ensure we’re doing the maximum to protect data and improve our processes and procedures where we identify the opportunity.
Controls
We regularly review our Security and Privacy Policies, procedures, processes and related work plans to ensure that they take into account all governing requirements, confirming we’re fulfilling our obligations to GDPR.
Our customers depend on us to develop and help maintain solutions that work within their protected environments. Canon Medical limits the number of roles within the organization that are authorized to access approved customer environments and then only when necessary, according to strict guidelines and documented actions. We comply with information security best practices including multi-factor authentication and encryption.
Data Protection
Canon Medical commits to conforming to information security best practices. In line with GDPR, appropriate measures are assessed in terms of a variety of factors including the sensitivity of the data, the risks to individuals associated with any security breach, state of the art technologies, and the nature of the processing. These measures include data anonymization in problem investigation/resolution and encryption. Regular testing of the effectiveness of security measures is a continuous process.
Customer Guidance for Data Subject Request (SAR) Responsiveness
We are prepared to help our customers respond to and act on their customer queries and requests regarding GDPR Data Subject Rights. Our Data Protection Officers are ready to assist with requests on this front. It is important to note that Canon Medical customers prepare their procedures and processes to conform with SARs as they, as Data Controllers, are solely responsible for the handling of and response to SARs.
Requests and Responses
Any requests for information, access, rectification, restriction of processing, portability, deactivation or erasure should be made to the respective Data Protection Officer.
Canon Medical commits to maintaining robust administrative, logical, technical and physical controls that embrace privacy rights, enhance security and promote GDPR compliance.