The new European Union General Data Protection Regulation (GDPR) will commence on 25th May 2018, and will impact all organisations that hold or process personal data.
The GDPR is a new regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union, aiming to give control back to citizens and residents over their personal data.
Steel City Digital is committed to the highest standards of information security, privacy and transparency. Steel City Digital ensures that a high priority is placed on protecting and managing all data, and will comply with all applicable regulations and ensure that as a data processor all contractual obligations for our products and services are met.
At Steel City Digital we have been working hard to make sure we are compliant. We want to share with our customers some of the key points and commitments we are making.
Steel City Digital has four main areas of focus in preparing for GDPR, a process which is being overseen by the management team:
Develop compliance plans and strengthen current platform.
Introduce programmes to support compliance.
Streamline organisational processes.
Provide services and solutions for customers in a GDPR-compliant manner.
At Steel City Digital, compliance is a responsibility shared across multiple areas within the business, which are also adapting processes in preparation for GDPR.
The definition of a data processor under GDPR is a person or organisation who deals with personal data as instructed by a controller for specific purposes and services offered to the controller that involve personal data processing.
As a data processor (your data which is on our services) we commit to:
The definition of a data controller under GDPR is simply the organisation (a legal person, agency, public authority etc.) or the natural person which, alone or, depending on the organisation and personal data processing activity, in collaboration with others, defines what needs to happen with the person’s data and plays an important role with regards to personal data protection.
As a data controller (the data we hold about you to provide you with the service you need) we commit to:
There are 6 principles within the GDPR framework. These are:
Where is my data held and is it ever transferred outside the EU?
As a data controller (the data we hold on you as a customer) your data is held in the UK. Data may be accessed from locations outside the EU for the purposes of providing essential services as part of the contract, but only in accordance with binding corporate data rules that are in compliance with GDPR.
As a data processor (the data you hold on our servers):
If your data is held on a VPS, dedicated server or managed solution, it is held in the location you requested upon deployment of your service. If this is outside the EU then the data will also be held outside of it. If the location this information is deployed to is inside the EU then the data is only stored where you requested. In the unlikely event of having to transfer this data outside of the EU, adequate notice would be given to you, and the transfer would only be in response to a very exceptional circumstance.
If your data is held as part of a shared hosting service it will be held in the UK on one of our servers.
If this is an ancillary service, in some cases data may be held outside the EU but only in accordance with strict contractual obligations to satisfy GDPR regulation.
How does Steel City Digital secure my data?
We use a number of techniques and processes to ensure that data is secured, including but not limited to:
Under the GDPR, Steel City Digital is required to report data breaches to the ICO (Information Commissioner’s Office) within 72 hours. As part of our procedures, appropriate communications will be made, including notifications to all affected parties.