General Data Protection Regulation (GDPR).
sales-i's GDPR statement
The EU General Data Protection Regulation (GDPR) came in to force on 25th May 2018. This regulation impacts every organisation that processes personal data regardless of the United Kingdom’s decision to leave the EU. The regulation places more responsibilities on how companies manage the personal data of EU citizens and gives individuals rights to rectify, object and request the data that companies hold about them. What’s more, the GDPR is intended to compel companies to process personal data in a transparent and fair manner.
We are committed to maintaining high standards of information security and data privacy and as such, we welcome this important EU law which aims to regulate how companies process data. Before now, we placed a high priority on the protection and management of personal data in accordance with the Data Protection Act (1998) and as such, we already have rigorous standards in place concerning personal data as a data processor and data controller.
We will work closely with our customers and partners to meet our contractual obligations for our procedures, products and services. We are also dedicated to supporting our customers in meeting their obligations through the provision of expert services and value-added solutions.
We will continue to:
- Only manage data with the agreement of our customers;
- Use and update safeguards around data handling and secure data processing with customers and partners;
- Impose strict confidentiality requirements on our employees and provide customers with the necessary support;
- Help you, our customer, to respond to data subject access requests as stipulated in Article 28 of the regulation.
- Improving our business procedures to support compliance for users of our SaaS applications which includes the ability to be able to respond to data subject access requests and other individual rights as stipulated by the GDPR.
- Ensuring third-party companies who handle and protect our customer data have the necessary technical and organisational measures in place. Our third-party suppliers have certifications including IS0 27001 and ISO 22301, to help ensure compliance.
- Reviewing access controls to various databases and ensuring the supply of these are on a need to know basis only to employees who carry out the necessary service(s).
- Training staff to ensure complete GDPR compliance will be carried out at regular intervals.
How do we help our customers to adapt to this change?
The volume of data we handle is captured and processed in a secure manner. Our Data Protection Addendum clearly informs our customers about this. We have carried out our due diligence to ensure that the right security measures are in place. Furthermore, we will ensure that we inform our clients and seek their consent when we employ the services of any new third-party suppliers.
Requirements such as Data Protection Impact Assessments (DPIA), privacy by design and default, active mitigation procedures and risk management measures are approached in a disciplined and strategic format.
In addition, our policies and procedures will be regularly reviewed to maintain GDPR compliance.
Our robust breach procedures will alert our data officer and the Incident Response Team (IRT) who will inform the controller(s) and supervisory authorities in the event of a high-risk breach.
Our data officer will inform, advise and monitor compliance. We will implement tools as appropriate that support the process, provide necessary security and ensure that all business procedures or processes align with the principles of the regulation.
We are ready to help our customers to meet the requirements of the GDPR whilst working efficiently to ensure we remain fully compliant and continually monitor our systems and procedures.
For further enquiries contact firstname.lastname@example.org.