GDPR Commitment Statement

Cenveo Corporation and its affiliates (collectively, “Cenveo”) are fully committed to compliance with the General Data Protection Regulation (“GDPR”) and are in the process of meeting our compliance obligations. Cenveo has completed the following aspects of our GDPR compliance program:

  • Updated privacy policy to meet the rigorous privacy requirements mandated by GDPR on our websites
  • Approved EU-U.S. Privacy Shield Certification to comply with data protection requirements when transferring personal data from the EU to the U.S.
  • Created a contract between EU and India operations to create a secure cross-border data transfer between the two regions
  • Development of an organization-wide governance and oversight program
  • Improved documentation templates to better understand our data flows
  • Completed project impact analysis to fully understand the scope of Cenveo’s obligations
    • Determination of the type of personal data to which Cenveo may have access
    • Analysis of an organization structure for the privacy function – definition of policies and procedures, roles and responsibilities, etc.
    • Identification of high-risk processes, systems and data processors that will be within the scope of GDPR
  • Created a process to manage rights of data subjects through the Cenveo website Contact Us page
  • Created a data breach notification process
  • GDPR, data privacy and awareness training module

By the end of Q1 2019, Cenveo will address the following remaining GDPR compliance activities:

  • Third-party management and contract review
  • Enhanced data protection and security controls
  • Consent management for all Cenveo websites and portals

Data Protection and Security
Cenveo deploys and maintains security protocols based on ISO best practice guidelines for security, availability, processing integrity, confidentiality and privacy. We serve a wide variety of customers who must comply with different regulatory requirements, such as HITRUST (certification targeted by November 2018), HIPAA, and the NIST 800-53 Framework. We have demonstrated our commitment to data privacy and protection by consistently meeting these industry standards.

Our privacy controls provide an adequate level of assurance on the effectiveness of our internal control environment. We run this compliance program at an enterprise level to benefit our clients indirectly.

Contact Person
Any GDPR-related questions can be addressed to Cenveo’s Compliance Officer at compliance.contact@cenveo.com.