SchemeServe and the General Data Protection Regulation
Last modified: 4th May, 2018
We take our responsibilities under GDPR seriously. That’s why we have a programme to identify what changes we need to make to be compliant with the GDPR by May 24th this year. Here is a quick summary of what we’ve done to date:
- We spent 2 days with a couple of lawyers that wrote the GDPR, to make sure we have it ‘from the horses mouth’.
- Our developers and security people are making a few necessary changes/improvements to SchemeServe.
- The offering of independent Data Protection impact assessments and Data Protection Officers to our customers
- We have updated our Data Retention Policy to explain how we work out what data to keep, for how long and for what purpose.
- Update our data breach handling processes so the notices we provide fall in line with whats needed for GDPR.
Next, we will be working on:
- Update our customer data processing policy.
- Update our terms and conditions to more fully explain our obligations under GDPR.
- Running some company wide, and customer facing data protection training relating to using SchemeServe.
- Confirm key third-party supplier arrangements have the appropriate contractual protections in place to satisfy GDPR requirements.
- Extending our privacy by design ethos into customer facing tools, like providing ways in which you can control password expiry times and protect your data from access by us without your permission.