GDPR Statement – Data Security and Compliance for May 20182018-01-19T10:26:28+00:00

General Data Protection Regulation (GDPR) Statement

GroupBC Executive Summary

GroupBC welcomes the introduction of GDPR in May 2018. The software platform that GroupBC provides is provided by our business solely located in the UK utilising hosting facilities solely based in the UK. GroupBC has always taken all information security seriously including that of personal data regardless as to whether GroupBC is considered a processor or controller.

In terms of the GDPR GroupBC has been working towards being fully compliant throughout 2017 in order to ensure that GroupBC customers can be certain that they are dealing with a fully compliant GDPR business and software platform. The work will conclude prior to the May 2018 date for introduction of the regulation.

GroupBC will be providing documentation to customers detailing how the software platform and GroupBC as an organisation are fully compliant with all aspects of GDPR.

Assessment

GroupBC has assessed every paragraph of the GDPR and matched its own activities and products against all of those paragraphs in four key areas. GroupBC considered the regulation against GroupBC as

  1. A data controller of its own employee data.
  2. A data controller or processor of third party data such as activity relating to direct marketing.
  3. A Software as a Service (SaaS) supplier.
  4. A business that develops software.

A public document will be made available that details the policies and activities that GroupBC employs matched to the clauses of the GDPR should any customer have a detailed question in respect of compliance.

GroupBC will also provide a document that details the features of the SaaS provision that means you can have confidence that the organisation and software you are working with are fully GDPR compliant.

GroupBC is certified to ISO 27001:2013 demonstrating a commitment to Information Security.

GroupBC is hosted solely from UK data centres.

Activity

GroupBC is amending its activities and associated policies and procedures as necessary in order to fully comply with GDPR following a thorough assessment.

GroupBC is amending its customer and supplier contracts to ensure the GDPR reaches throughout the supply chain for the provision of its SaaS services.

GroupBC is reviewing all of its suppliers for compliance with GDPR paying very close attention to its marketing activity suppliers.

GroupBC is carrying out Privacy Impact Assessments as necessary.

GroupBC is organising a public event whereby customers can be briefed further on GroupBC’s activity in respect of GDPR.

GroupBC will be offering additional cyber security options for customers who feel they would like to increase their monitoring of activity in relation to their own specific system.

The GroupBC website and direct marketing activity is being updated so that customers have the assurance that they will be contacted and treated in accordance with GDPR requirements.  The website will contain GroupBC’s privacy policies clearly identified.

The SaaS platform is being fully reviewed and will be amended if required. The software is already developed under the guidance of GroupBC’s secure development requirements.

GroupBC will be maintaining accreditations that demonstrate its commitment to information security, including personal data.