The General Data Protection Regulation (GDPR) is a European privacy law approved by the European Commission in 2016, which will take effect from 25th May 2018.
The GDPR replaces EU Directive 95/46/EC, which has been the basis of European data protection law since 1995. The GDPR aims to strengthen and modernise EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organisations may obtain, use, store, and remove personal data.
Net Business has always been committed to data privacy and the principles codified within the GDPR legislation. We hold privacy and data security as a core design principle for all systems and services we offer and we have been working to make sure we are compliant by 25th May 2018. Here's what we've done:
If you are a customer of ours, you will have received an email which is our formal notification of the variation of our Agreement and sets out the new terms for how we will comply with our obligations under the GDPR. It contains a link to our core data processing agreement that serves as an addendum to our terms of service, i.e. in circumstances where we act as a simple data processor. By 'simple' we mean where we have supplied a platform under your own control, e.g. web hosting services or email accounts. Continued use of any of our services is taken as evidence that you agree to abide by the new terms and that you have taken steps to ensure your own compliance and liability. To read the terms of service including the data processing addendum go here.
Where we provide customised and bespoke web development applications and integrations, our core data processing agreement applies. An essential part of that agreement is that we undertake to only carry out any data processing that our customer has instructed us to carry out. We will work with any customers that have still not contacted us to help them understand the processes and any sub-processes involved in their web applications and to formalise their instructions to us.
When we design any system or make changes, we consider data privacy and security as a priority. To formalise this, we've appointed a Data Protection Officer. We've created policies and procedures to ensure we continue to remain compliant as our products and services evolve, we add new features and contract with new suppliers or third party services.
We've updated our privacy policy to reflect our obligations under the GDPR. We have conducted an audit of our products, the software we use, third party web services, suppliers and our web properties to map out where we are storing or processing personal data. We have validated our legal basis for collecting and processing personal data and made sure we are applying the appropriate safeguards and protections.
We take all reasonable steps to provide data security at the technical level and as an important part of staff awareness. If you would like to know more about our data security policies and how they relate to the service or services you purchase from us, please contact privacy@netbusiness.co.uk.
We conducted an audit of all of the places where we collect personal information and reviewed the legal basis for doing so. We updated any sign-up forms to comply with GDPR guidance and our privacy policy was updated with the latest information about cookies which are set by our web properties. We've also created a governance process to ensure we keep our privacy policy up to date any time we launch a new website or include a new third party library which might set a cookie.
We conducted a deep review of each of our suppliers and third party services to understand, for each one: where they are hosting any data we share with them; how they are processing it; what legal entity is controlling the data; what terms and conditions are governing our relationship and such processing and whether those terms are acceptable to us; and whether they had completed their own GDPR compliance work in time for the deadline. We created a governance process to ensure we keep refreshing our due diligence on these matters. We've also created a checklist process for how we select suppliers going forward.
We have audited our own and our web development customers' usage of personal data. We have been working on creating formalised and documented Data Protection Impact Assessments to ensure we meet our GDPR obligations.
We will investigate any potential breach and in accordance with the GDPR we will communicate any issues directly and quickly.
What security measures do you have in place to protect data?
Protecting our customers' and their customers' data has always been fundamental to everything we do. Our processing agreement sets out our commitment to adhering to the requirements of GDPR.
Physical security
We have audited our own and our web development customers' usage of personal data. We have been working on creating formalised and documented Data Protection Impact Assessments to ensure we meet our GDPR obligations.
Security policies
Any of our customers can contact privacy@netbusiness.co.uk for more details about the services that they use.
As noted above, we have issued a data processing addendum to our terms of service which varies our Agreement with Customers in line with GDPR requirements. This does not require your signature to take effect. To view the addendum go here. Please note that clients that we have identified as requiring a personalised written agreement will be contacted.