Effective: 27 July 2019
The General Data Protection Regulation (GDPR) has been described as a “game changer for everyone” by the Information Commissioner’s Office. This new piece of EU data protection law represented a major shake-up in the way we collect, process and store personal data. It aims to standardise data protection law across the EU, giving individuals more control over how, when and by whom their data is processed.
Insight Online Training is committed to partnering with our customers on GDPR. Here we explain what we have done and what we will continue to do to achieve GDPR compliance both internally and for our customers.
1. How we stay GDPR compliant: We adopted a company-wide approach to remaining GDPR compliant. This includes:
a. Updating and amending our terms and conditions, customer agreements and privacy policies and statements to bring them in line with the GDPR.
b. Ensuring that correct and appropriate contractual terms are in place with data processors including data security and international data transfers.
c. Updating our internal policies and practices to reflect GDPR requirements.
d. Continuing to invest in our products, services and staff training.
We continue to work closely with our legal team and Data Protection Officer so we can monitor GDPR compliance across the organisation.
2. Security Standards and Certifications: Protecting our customers' privacy and securely managing your data is a high priority for us. All our web properties use SSL (secure sockets layer) to encrypt data you transmit to us across the Internet. Our Development Team manages our servers and data transfer processes for the purposes of maintenance, support and development. Access to our servers is tightly controlled; only authorised company administrators employed directly by Insight Online Training are granted access. Staff training is an important ethos that we hold as a company. As such, we ensure all our staff have an up-to-date working knowledge of data protection law, including GDPR.
3. International Data Transfers: Data is stored within Dropbox and Backblaze. These services meet the EU-US Privacy Shield framework adopted by the European Commission. This complies with data protection requirements when transferring data outside of the EU. We keep this under review to ensure that data is stored, at all times, with appropriate safeguards.
4. Data Processors: To help us deliver the best possible service, we use a number of tools to process data. A data processor can be an organisation or third party provider who manages and processes personal data on behalf of a business. We are working with our providers to ensure compliance with the new regulations, including introducing data processing contracts where appropriate.
5. Upholding our customers' rights: We have embedded, across the organisation, policies and procedures which, for example, allow customers to access their data in ways that are accessible to them. We have also introduced an updated Data Privacy Notice, which is regularly updated so that our customers are always aware of all of our data privacy arrangements.
6. Stay Updated: If you have any specific questions about our GDPR and data privacy arrangements, we hope that you will contact us directly. We also have an online course which is designed to help you and your business to comply with GDPR and data protection legislation. For more details please see our Introducing GDPR Training Course.