Economic Data Services Ltd (EDSL) is committed to data protection and data privacy. With the General Data Protection Regulation (GDPR) becoming enforceable on the 25th May 2018, we have undertaken a GDPR readiness programme to review our entire company, the way we handle data and the way in which we use it to provide our services.
Our GDPR readiness programme is looking at the following areas:
- Staff training and awareness – how GDPR, the Data Protection Bill and the ePrivacy Regulation will impact clients, employees and the supply chain.
- Supplier management – ensuring all appropriate security, organisational controls and governance processes meet the demands of our clients and of EDSL as it continues to grow.
- Development – ensuring we maintain our commitment to best practice and developing systems which meet recognised security standards and making sure we meet our commitment to privacy by design.
- Individuals rights – refining our approach to handling requests for data, or the handling of data, to meet the new demands of GDPR (including the right of subject access, cease processing requests and erasure of personal data)
- Data mapping – a full review of all processes and systems to truly understand the customer experience, the data we hold and the way in which it is used.
- Data retention – confirming data retention periods meet contractual, legal and organisations requirements.
- Privacy notices – reviewing all notices to inform clients and employees of the way we handle their data.
Solvitt
To assist our customers, we will be making the following enhancements to Solvitt: –
- Reporting – we will be providing a report of where personal data is held within the Solvitt software.
- Search – we will provide a wildcard search of the Solvitt software to find personal data throughout the system.
- Replace – an option will be provided to replace any personal data with characters of the user’s choice. The fields will be marked to highlight that the personal data has been amended under GDPR compliance.
- Consent – Fields to be added to contact records for consent to Post, Email, SMS, Telephone contact.
Note: EDSL customers will not be GDPR compliant by the use of our ERP solution, Solvitt. It is the responsibility of our customers to become GDPR compliant and the use of Solvitt will not result in GDPR compliance.
Client Data
Historically, we have kept copies of Clients data for testing purposes. All copies of Clients data will now be deleted from our Server and Laptops with immediate effect. In future we will ask for written consent to take a copy of Client data for testing purposes with a time limit for the deletion of this data.
Client Access
We use “Teamviewer” to regularly access Client’s hardware for the purposes of training, updates, demonstrations etc. Some of these have been setup as permanent “connections” with our clients. These will be removed with immediate effect. In future all “connections” with clients will be “on request” with the approval with the Client.
Encryption
All laptops will be encrypted to prevent the loss of personal data which may be held on them.
Contact
For more information, please contact us at GDPR@edsluk.com.