The General Data Protection Regulation (GDPR) will govern all businesses in the UK from the 25th May 2018. This is a European regulation to ensure individuals' privacy and rights when data has been collated about them.
The key pillars of GDPR are as follows:
- Individuals' privacy is respected, and processes and systems uphold this by design.
- Right for the individual to request that all data about them is deleted.
- Right to move the data from one data controller to another.
- The individual has control over their own data and how this data may be used.
- Transparency for data handlers: if a breach occurs, the data protection authority and the individuals affected must be notified within 72 hours of breach discovery.
- Severe non-compliance fines for businesses that do not adhere to the Regulation.
What are we doing about this?
A full pre-GDPR audit has been carried out at NT, with the resulting actions being completed:
- Key compliance policies updated and shared with the team.
- GDPR and general IT Security training sessions scheduled for the team.
- Scoping the development of our internal CRM to allow for easy extraction of an individual's data in the event of a Subject Access Request, and subsequent removal if applicable.
Where is our data held?
No data processed or managed by NT resides outside of the EU or is shared with third parties (unless legal regulations dictate otherwise). Customer data that is held within the cloud resides in the UK.
If you have any queries about either GDPR or your personal data, please contact us at Compliance.Officer@nottel.co.uk.