GDPR Commitment Statement

Cenveo Corporation and its affiliates (collectively, “Cenveo”) are fully committed to compliance with the General Data Protection Regulations (“GDPR”) and are in the process of understanding the full scope of our obligations by the effective date of May 25, 2018.
Cenveo’s preparation includes, without limitation:

  • Determination of the type of personal data to which Cenveo may have access
  • Development of an implementation schedule and activities related to the implementation
  • Development of an organization wide governance and oversight program
  • Analysis of an organization structure for the privacy function –definition of policies and procedures, roles and responsibilities etc.
  • Identification of high risk processes, systems and data processors that will be within the scope of GDPR
  • Documentation of the data flow for these processes
  • Privacy Impact Assessment of high risk processes and systems
  • Process to manage rights of data subjects
  • Data breach notification process
  • 3rd party vendor / data processors compliance to their obligations under GDPR
  • Revised privacy policy documents

 
Data Protection and Security
Cenveo deploys and maintains security protocols based on ISO best practice guidelines for security, availability, processing integrity, confidentiality and privacy. We deal with a wide variety of customers with requirements to comply with different regulatory needs such as HITRUST (certification targeted by November 2018), HIPAA, NIST 800-53 Framework. We have demonstrated our commitment to data privacy and protection by consistently meeting these industry standards.
Our privacy controls provide an adequate level of assurance on the effectiveness of our internal control environment. We run this compliance program at an enterprise level to benefit our clients indirectly.
 
Contact Person
 
Any GDPR related questions can be addressed to Cenveo’s Compliance Officer at compliance.contact@cenveo.com.