Data Protection & GDPR


BREXIT: - UK Businesses now have the clarity they needed as the EU have agreed that the UK's own data protection laws are in alignment with their EU GDPR regulations. This means the regulatory flow of personal data is unaffected between the UK & the EU for the foreseeable future. It will be reviewed at intervals, in order to make sure the alignment continues.


International transfers after the UK exit from the EU Implementation Period: -

Information provided on the ICO website here: -
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit


What is UK GDPR

The UK GDPR is a regulation that establishes a framework for handling and protecting the personal data of UK based residents. It brings with it a shift in mindset and expressly introduces principles such as "accountability principle" and "privacy by design". The UK GDPR is consistent with how we think and operate as our security practices already comply with the accepted recognised international standard ISO27001:2017

 

Our security architecture

Access to our internal systems is strictly controlled within Data Send UK and any employee access has to be authorised by the assigned Information Security Manager who documents all access requests. Extensive internal training is provided to make sure all employees understand our internal data security policies and associated procedures. Our production environment access is SSH key-based and controlled by being restricted to only authorised IP addresses and assigned technicians, who may require access to perform their duties. Firewall configuration is also tightly controlled to a small number of administrators. Advanced real-time intrusion detection systems are in place and monitored with automated alert notifications sent directly to assigned technicians.

Data in transit - data transferred between the client web browser or mobile app and Data Send servers is encrypted using SSL/TLS. With modern web browsers we use strong ciphers and flag all authentication cookies as secure and enable HTTP Strict Transport Security (HSTS)
Data at rest - files stored on our servers are encrypted using 256-bit Advanced Encryption Standard (AES)
Data backups - incremental backups of stored data are performed hourly. We also have a business continuity plan in accordance with our ISO27001:2017 certification requirements.

Maintain a reliable service - in the rare event that a server is not available to access we can switch to a duplicate backup server to restore the service.

Validate our practices - to make sure our security practices are working we perform periodic penetration testing and vulnerability tests on our internal and production environments. Identified issues are prioritised and assessed by our security team. Additionally, third-party auditors evaluate our security practices against international and industry standards. This again is part of the ISO27001 certification requirement. To help you validate our practices we can provide our ISO27001 certificate, ISMS Policy and a summary of our 3rd party annual audit report and also penetration testing result summaries under a non-disclosure agreement (NDA)
Breach Notification - Data Send UK will notify you in the event of a data breach, as required by applicable law. We maintain incident response policies and procedures, including a breach notification process, which enables us to notify affected customers as needed.

Privacy - Data Send UK will respond to any request from a Client to remove/delete any stored personally identifying information in a timely manner in accordance with applicable Data Protection Law.

 

Customer responsibilities

While Data Send UK takes all steps to protect your data, this does not constitute an absolute guarantee that a third party will not try to access, interrupt, delete or compromise your data. You are therefore responsible for determining the ultimate safety and integrity and backup of your data. It is important to remember that you, as the business customer and the data controller, have specific legal obligations under the UK GDPR. Remember, however, that no provider including Data Send UK can offer to “solve” UK GDPR compliance for you. Please also read our terms of service agreements which have been updated to align with the UK GDPR.

File Delivery Terms of Service Agreement PDF - Download

Data Room Terms of Service Agreement PDF - Download

 

Summary

All businesses and organisations governed by UK law, must ensure that adequate measures are in place regarding the transfer/storage of personal or sensitive data. Data security goes beyond just personal data and it is good business practice to send information in general (that is not even under the scope of UK GDPR) using a more secure method than the usual email and attachments.




Purchase an account today