GDPR and Our Commitment to Data Privacy
Scamalytics aims to provide the service it can, and as part of this, is fully committed to respecting the privacy of our customers’ data. As such we are committed to compliance with the General Data Protection Regulation (GDPR), which is effective from May 25, 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years, and at Scamalytics we have been working hard to ensure that we are evolving in line with these new developments.
What We Are Doing
At Scamalytics we have made GDPR a priority, which is why we have devoted significant resources toward our efforts to comply. As such we have been working hard to ready ourselves for the enactment of GDPR and to ensuring your data is kept safe.
In order to help demonstrate our compliance with GDPR we wanted to outline some of the key areas we have been working on and the policies and processes we have put in place to achieve GDPR compliance, which includes:
Completing a GDPR Audit
- Earlier this year we completed a companywide internal audit of Scamalytics Ltd to identify and map out the personal data we hold and to allow us to identify any areas where we would have to work on to achieve GDPR compliance. The GDPR audit was supported with a roadmap for compliance which we have been working through.
Appointing a DPO
- We take this responsibility seriously and as such we appointed Dan Winchester as the company Data Protection Officer. He is available to assist you with any questions you may have, you can contact him on – email@example.com
Putting in place a Document Retention Policy
- Putting in place a Document Retention Policy to ensure that we keep the documents necessary to fulfil our obligations under HMRC and other regulatory bodies, but also ensuring that we are not keeping your data for longer than is necessary.
Ensuring any international transfer are done in the right way
- Where we are transferring data outside of the EU, committing to appropriate data transfer mechanisms as required by GDPR.
Putting measures in place to keep your data secure
- We have committed to ensuring that we have the security and privacy measures required to fulfil our obligations under GDPR, and most importantly to keep your data safe. This includes assessing our current security measures to ensure we are meeting industry best practice.
- As part of our security provisions we have put in place a Data Breach Policy. We hope we never have to use it, but in case of such a scenario, rest assured that we have a policy which sets out how we will deal with any potential breach of security or data loss, so that it is handled in the most effective manner. This includes procedures on notifying the regulators of personal data breaches on our systems and promptly communicating any such breaches to you where you are affected
Putting the right policies and training in place
- We are committed to ensuring that staff who deal regularly with personal data both in the UK office and internationally, be it face to face or online, are bound to maintain both the confidentiality and security of that data.
Ensuring third parties who we work with are also GDPR compliant
- Risk assessing and holding any sub-processors that handle our customers’ personal data to the applicable data management, security and privacy standards required under GDPR.
Keeping up to date with GDPR and ensuring future compliance
We are committed to ensuring that this is not just a paper exercise and that we continue to re-examine our situation on a regular basis so that we ensure that our policies, security and processes are still relevant and appropriate for Scamalytics.
We hope that the above commitment, demonstrated that Privacy and GDPR are a priority for us. However, if there is anything further you would like to know or if you feel there is something that we have missed then please let us know.