Posted on May 16, 2018 by Jason McSweeney
During the past year, like many of you, we have come to understand the impact of the General Data Protection Regulation (GDPR), which is to come into effect on May 25, 2018.
This document is intended to give you an overview of the initiatives we have undertaken and put in place, or that will be in place on that date.
Internal Project Team
We have set up a GDPR project team drawn from across the company's staff to provide a variety of experience and skills. This team participated in the review of our internal processes and practices, identifying areas requiring changes or improvements to meet the scope of the project. To improve our understanding and analyze these processes, we have also taken advice from an external vendor.
Our platforms and networks are designed in a secure way, with perimeter firewall security practices, strong encryption, secure data center locations, access control checklists, network monitoring software and staff awareness training. Our last penetration test, performed by an external expert company, will be completed in late April 2018.
The procedures are governed by recognized standards such as ISO 27001:2013 registration and Cyber Security certification.
Our data centers, where customer data is stored and processed, are located in the United Kingdom. No data is transferred outside the EU.
Data held for business processes, e.g. for the management of customer contracts, personal data or sales and marketing activities, has been reviewed and revised where necessary to meet the GDPR specification for data held on the basis of permission or legitimate interest. Privacy notices and marketing subscription forms have also been reviewed and brought into line with the GDPR specification.
To enable our customers to better comply with stricter data control, we have introduced a number of improvements. They are designed to facilitate customer data processes and, where they are optional, are strongly recommended:
Completely delete the recipient's record and all associated data (read more …)
Revised data manager role – to better define who can view recipient data
Standard user role separated and deleted – for greater granularity of role assignment
CAPTCHA added to the Form Manager configuration and management processes – for better web form security
Automatic deletion of inactive records added – to delete records of recipients that you no longer communicate with, reducing the amount of unnecessary data you hold in your account. This optional feature allows you to define a period in which the recipient's data is permanently deleted when it meets the following criteria:
The recipient has not been imported into Maxemail during the selected time period
The recipient has not received an e-mail during the selected period
The recipient has not opened an e-mail during the selected period
The recipient has not clicked on an e-mail during the selected period
Our staff's access to work with a client's customer data is restricted. Access is granted once permission is received by email, and for a limited time, as specified by that permission.
Having achieved ISO 27001:2013 registration in May 2017, we have an ISMS and solid procedures. From staff training and system access control to software development and system design, security is at the forefront of every decision.
An addendum to the data processing clause has been added to our service contracts. This is distributed to and signed by all current customers where a data processing agreement is not already in place. This includes the agreement that the data will only be processed for the purposes indicated by a customer as part of the data processing provision and service contracts, with the ability for authorized persons of that customer to make changes to this effect.
Our data protection policy has been revised to include GDPR references and specifications.
Our data breach procedure has been revised in our business continuity plan to ensure that it meets GDPR specifications.
This update should provide sufficient detail to demonstrate and explain how we have responded to the changes made by the GDPR. If you have any questions about this document or if you need further information about our approach to GDPR, please contact us:
Tel: 01327 811884