SchemeServe and the General Data Protection Regulation
Last modified: 18th June, 2018
We take our responsibilities under GDPR seriously. That’s why we have a programme to identify what changes we need to make to be compliant with the GDPR by May 24th this year and what we will do going beyond that date. Here is a quick summary:
- We spent 2 days with a couple of lawyers that wrote the GDPR, to make sure we have it ‘from the horses mouth’.
- Our developers and security people are making a few necessary changes/improvements to SchemeServe.
- The offering of independent Data Protection impact assessments and Data Protection Officers to our customers
- We have updated our Data Retention Policy to explain how we work out what data to keep, for how long and for what purpose.
- Updated our data breach handling processes so the notices we provide fall in line with whats needed for GDPR.
- Ran some company wide, and customer facing data protection training relating to using SchemeServe.
- We have extended our privacy by design ethos into customer facing tools, like providing ways in which you can protect your data from access by us without your permission, Export for data subject Access Requests and the ability to Limit Processing of selected clients.
Next, we will be working on:
- Update our customer data processing policy.
- Update our terms and conditions to more fully explain our obligations under GDPR – done for new contracts, existing contracts will be updated at renewal or upon request from the customer.
- Confirm key third-party supplier arrangements have the appropriate contractual protections in place to satisfy GDPR requirements. Most already do, but there is a new audit to confirm this, prior to closing this point.