Data Protection & GDPR
BREXIT Update: At present and for the foreseeable future, EU Data Protection Law continues to apply to all UK businesses, and the changes introduced by the General Data Protection Regulation (GDPR) also apply. As a company, Data Send UK is GDPR ready and ISO27001:2013 certified.
What is GDPR?
The GDPR is a European Union regulation that establishes a new framework for handling and protecting the personal data of EU-based residents. It comes into effect on May 25, 2018. It brings with it a shift in mindset and expressly introduces principles such as the "accountability principle" and "privacy by design".
The GDPR is consistent with how we think and operate. Our security practices already comply with the recognised international standard ISO27001:2013.
Our security architecture
Access to our internal systems is strictly controlled within Data Send UK, and any employee access has to be authorised by the assigned Information Security Manager, who documents all access requests. Extensive internal training is provided to make sure all employees understand our internal data security policies and associated procedures. Access to our production environment is SSH key-based and restricted to authorised IP addresses and the assigned technicians who require access to perform their duties. Firewall configuration is also tightly controlled and limited to a small number of administrators. Real-time intrusion detection systems are in place and monitored, with automated alert notifications sent directly to assigned technicians.
Data in transit - data transferred between the client web browser or mobile app and Data Send servers is encrypted using SSL/TLS. With modern web browsers we use strong ciphers, flag all authentication cookies as Secure, and enable HTTP Strict Transport Security (HSTS).
Data at rest - files stored on our servers are encrypted using the 256-bit Advanced Encryption Standard (AES).
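The transport protections listed above (HSTS enabled, authentication cookies flagged Secure) are the kind of claim a customer can verify against a live response. The following is an added illustration, not code from Data Send UK: it audits a set of HTTP response headers for an HSTS header with a sufficient max-age and for Secure and HttpOnly flags on authentication cookies. The sample headers, the cookie name "session" and the 180-day HSTS threshold are constructed assumptions for the example.

```python
"""Audit HTTP response headers for HSTS and secure authentication cookies.

Added example. The headers below are constructed for illustration and are not
captured from any real service.
"""
import re

# Assumption: the authentication cookie is named "session".
AUTH_COOKIE_NAMES = {"session"}

# Assumption: require at least 180 days of HSTS max-age.
MIN_HSTS_MAX_AGE = 180 * 24 * 3600

# Constructed sample responses: one hardened, one with weak settings.
GOOD_RESPONSE_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]
WEAK_RESPONSE_HEADERS = [
    ("Set-Cookie", "session=abc123; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/"),
]


def parse_cookie_flags(set_cookie_value: str):
    """Return (cookie_name, set_of_lowercased_attribute_names) for a Set-Cookie value."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    flags = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, flags


def hsts_max_age(value: str):
    """Extract the max-age directive from an HSTS header value, or None if absent."""
    match = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return int(match.group(1)) if match else None


def audit_headers(headers, auth_cookies=AUTH_COOKIE_NAMES, min_hsts_age=MIN_HSTS_MAX_AGE):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []

    # HSTS: header must be present and carry a sufficiently long max-age.
    hsts_values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts_values:
        findings.append("missing Strict-Transport-Security header")
    else:
        age = hsts_max_age(hsts_values[0])
        if age is None or age < min_hsts_age:
            findings.append(f"HSTS max-age missing or too low: {hsts_values[0]!r}")

    # Authentication cookies must carry Secure (TLS only) and HttpOnly (no script access).
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, flags = parse_cookie_flags(value)
        if name in auth_cookies:
            for required in ("Secure", "HttpOnly"):
                if required.lower() not in flags:
                    findings.append(f"auth cookie {name!r} lacks {required} flag")
    return findings


if __name__ == "__main__":
    for label, hdrs in (("good", GOOD_RESPONSE_HEADERS), ("weak", WEAK_RESPONSE_HEADERS)):
        print(label, audit_headers(hdrs) or "OK")
```

Non-authentication cookies (the constructed "theme" cookie) are deliberately ignored, since the page's commitment concerns authentication cookies; widen `AUTH_COOKIE_NAMES` if a service uses several.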
Data backups - incremental backups of stored data are performed hourly. We also have a business continuity plan in accordance with our ISO27001:2013 certification requirements.
Maintain a reliable service - in the rare event that a server is not available to access we can switch to a duplicate backup server to restore the service.
Validate our practices - to make sure our security practices are working, we perform periodic penetration testing and vulnerability tests on our internal and production environments. Identified issues are prioritised and assessed by our security team. Additionally, third-party auditors evaluate our security practices against international and industry standards; this again is part of the ISO27001 certification requirement. To help you validate our practices, we can provide our ISO27001 certificate, ISMS Policy, a summary of our third-party annual audit report, and penetration testing result summaries under a non-disclosure agreement (NDA).
Breach Notification - Data Send UK will notify you in the event of a data breach, as required by applicable law. We maintain incident response policies and procedures, including a breach notification process, which enables us to notify affected customers as needed.
Privacy - Data Send UK will respond to any request from a Client to remove/delete any stored personally identifying information in a timely manner in accordance with applicable Data Protection Law.
While Data Send UK takes all steps to protect your data, this does not constitute an absolute guarantee that a third party will not try to access, interrupt, delete or compromise your data. You are therefore responsible for determining the ultimate safety and integrity and backup of your data. It is important to remember that you, as the business customer and the data controller, have specific legal obligations under the GDPR. Remember, however, that no provider including Data Send UK can offer to “solve” GDPR compliance for you. Please also read our terms of service agreements which have been updated to align with the GDPR.
All businesses and organisations governed by EU/UK law must ensure that adequate measures are in place regarding the transfer and storage of personal or sensitive data. Data security goes beyond personal data alone, and it is good business practice to send information in general (even information outside the scope of GDPR) using a more secure method than ordinary email and attachments.
TEL +44 (0)20 3239 5226
Data Send UK Ltd
20-22 Wenlock Road
London, England, N1 7GU
Company Reg No: 06186740
VAT No: 160764410