GDPR Compliance Statement March 2018
Introduction
The new EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 (including in the UK regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data. It will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) which it will supersede.
Vehicle Security Solutions is committed to high standards of information security, privacy and transparency. We have always placed a high priority on protecting and managing data in accordance with accepted standards. The company is committed to comply with applicable GDPR regulations when they take effect in 2018.
The company has the following main areas of focus in preparing for GDPR overseen by an internal cross-functional team:
- Update our existing operational processes and procedures to ensure we can deal effectively with the new rights exercised by individuals.
- Product programmes to support compliance for users of our software applications including solutions to streamline the process.
- Update data protection training to ensure all employees are aware of GDPR and their responsibilities.
- Keeps records of all activities undertaken to ensure we can prove GDPR compliance.
Compliance
Vehicle Security Solutions already has a robust Customer Relationship Management (CRM) System and to ensure compliance will implement additional or augmented company-wide controls to meet GDPR requirements as identified by both our internal and external advisors. To further support this activity, we have appointed a Head of Operational Security & Resilience who will take the lead on updating our information security policies and procedures. These will be built on our existing management systems, informed by gap analysis and data protection risk assessments and supported by communication and training programmes.
Our companies CRM system only holds minimal information on both clients and prospects. The information we record is listed below:
- Forename and Surname if obtained
- Company Name and Address
- Company Email Address
- Personal Email Address where obtained and consented by customer
- Company Telephone number/s
- Personal Mobile numbers where obtained and consented by customer
- Records of conversations taken over the telephone and/or from meetings
Vehicle Security Solutions does not hold or store any bank account details on it’s CRM or in print, however, the company does use two payment services for it’s customers to pay their invoices. These are World Pay and Stripe. When storing or processing card payments, we comply with the Payment Card Industry Data Security Standards (PCI DSS). These services already conform to the new law.
Compliance will be supported by a review of existing contracts with our channel partners, data controllers, the use of sub-contractors for installation work and any data export arrangements.
In most of areas, the hosted services provided by our channel partner – Matrix Telematics already conform. As data processor, the company is undertaking risk assessments to include more detailed consideration of the data types we hold and a data protection impact analysis of personal information stored and processed. Policies such as incident response plans and backup data retention have been reviewed and updated.
Our channel partner – Matrix Telematics uses the Amazon Web Services [AWS] as its hosting partner, please see the following link to learn more about their GDPR Compliance:
https://aws.amazon.com/blogs/security/aws-and-the-general-data-protection-regulation
In addition to this, our channel partner – Matrix Telematics uses Google as its Mapping partner, please see the following link to learn more about their data protection terms: