
GDPR Statement

What is GDPR

The General Data Protection Regulation (GDPR) is a European privacy law approved by the European Commission in 2016 which will take effect from 25th May 2018.

The GDPR replaces EU Directive 95/46/EC which has been the basis of European data protection law since 1995. The GDPR aims to strengthen and modernise EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organisations may obtain, use, store, and remove personal data.

Our commitment to GDPR and Privacy

Net Business has always been committed to data privacy and the principles codified within the GDPR legislation. We hold privacy and data security as a core design principle for all systems and services we offer and we have been working to make sure we are compliant by 25th May 2018. Here's what we've done:

Data Processing Terms Variation

If you are a customer of ours, you will have received an email which is our formal notification of the variation of our Agreement and sets out the new terms for how we will comply with our obligations under the GDPR. It contains a link to our core data processing agreement that serves as an addendum to our terms of service, i.e. in circumstances where we act as a simple data processor. By 'simple' we mean where we have supplied a platform under your own control, e.g. web hosting services or email accounts. Continued use of any of our services is taken as evidence that you agree to abide by the new terms and that you have taken steps to ensure your own compliance and liability. To read the terms of service including the data processing addendum go here.

Net Business as a web application and web development provider.

Where we provide customised and bespoke web development applications and integrations our core data processing agreement applies. An essential part of that agreement is that we undertake to only carry out any data processing that our customer has instructed us to carry out.

We will work with any customers that have still not contacted us to help them understand the processes and any sub-processes involved in their web applications and to formalise their instructions to us.

Awareness and Governance

When we design any system or make changes, we consider data privacy and security as a priority. To formalise this, we've appointed a Data Protection Officer. We've created policies and procedures to ensure we continue to remain compliant as our products and services evolve, as we add new features, and as we contract with new suppliers or third party services.

Updated Privacy Policy

We've updated our privacy policy to reflect our obligations under the GDPR. We have conducted an audit of our products, the software we use, third party web services, suppliers and our web properties to map out where we are storing or processing personal data. We have validated our legal basis for collecting and processing personal data and made sure we are applying the appropriate safeguards and protections.

Data security

We take all reasonable steps to provide data security at the technical level and as an important part of staff awareness. If you would like to know more about our data security policies and how they relate to the service or services you purchase from us, please contact privacy@netbusiness.co.uk.

Consent

We conducted an audit of all of the places where we collect personal information and reviewed the legal basis for doing so. We updated any sign-up forms to comply with GDPR guidance and our privacy policy was updated with the latest information about cookies which are set by our web properties. We've also created a governance process to ensure we keep our privacy policy up to date any time we launch a new website or include a new third party library which might set a cookie.

Suppliers and sub processors

We conducted a deep review of each of our suppliers and third party services to understand, for each one: where they are hosting any data we share with them; how they are processing it; what legal entity is controlling the data; what terms and conditions are governing our relationship and such processing and whether those terms are acceptable to us; and whether they had completed their own GDPR compliance work in time for the deadline. We created a governance process to ensure we keep refreshing our due diligence on these matters. We've also created a checklist process for how we select suppliers going forward.

Data Protection Impact Assessments

We have audited our own and our web development customers' usage of personal data. We have been working on creating formalised and documented Data Protection Impact Assessments to ensure we meet our GDPR obligations.

Breach Management

We will investigate any potential breach and, in accordance with the GDPR, we will communicate any issues directly and quickly.

Frequently Asked Questions

What security measures do you have in place to protect data?

Protecting our customers' and their customers' data has always been fundamental to everything we do. Our processing agreement sets out our commitment to adhering to the requirements of GDPR.

Physical security

We have audited our own and our web development customers' usage of personal data. We have been working on creating formalised and documented Data Protection Impact Assessments to ensure we meet our GDPR obligations.

Security policies

Any of our customers can contact privacy@netbusiness.co.uk for more details about the services that they use.

Do you have a GDPR compliant Data Processing Agreement/Addendum for us to sign?

As noted above, we have issued a data processing addendum to our terms of service which varies our Agreement with Customers in line with GDPR requirements. This does not require your signature to take effect. To view the addendum go here.

Please note that clients that we have identified as requiring a personalised written agreement will be contacted.