About Case Studies Contact FREE 30 Day Dialler Trial
Hostcomm GDPR Update
HELP

GDPR Update



Hostcomm GDPR Compliance Update

This document outlines the steps that Hostcomm is taking to ensure that our services are fully GDPR compliant. This is an important and complex project and we have made significant progress to date. However, there is further work to do to complete all the key tasks, which we will continue to focus on in the coming weeks.

This is our first update and we plan to publish further updates as appropriate.

What is GDPR?

GDPR stands for ‘General Data Protection Regulation.’ GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. The intention of this regulation is to strengthen and unify data protection for all individuals within the European Union. This is intending to give control back to citizens and residents over their personal data.

GDPR comes into effect from 25th May 2018 and will replace the 1995 EU Data Protection Directive.

How we deal with security and privacy

At Hostcomm, we understand the importance of security and privacy and this is of critical importance to us. We believe that GDPR is a significant step forward for enabling and clarifying individual privacy rights. As such, we are determined to ensure compliance with GDPR.

We are currently in the process of obtaining PCI DSS compliance. PCI DSS stands for ‘The Payment Card Industry Data Security Standard.’ This is an information security standard for organisations that handle branded credit cards from the major card schemes.

By gaining PCI DSS compliance, we can ensure that the appropriate controls for the management of information are in place and that we are working to meet our legal and regulatory requirements, including those outlined in the GDPR.

Hostcomm has made a significant investment in improving security. We are now in the process of implementation. Some of the more noteworthy completed / on-going projects are as follows:

  • Recruitment of full time, dedicated Security Officer.
  • Security officer trained with a new intrusion detection programme.
  • A security consultancy is working with Hostcomm to produce new and update existing policies, procedures and documents relating to PCI DSS, GDPR and ISO27001.
  • Investment in physical security systems at main tech support centre.
  • Investment in new IT systems e.g. Intrusion detection, Firewalls, two factor authentication, new Helpdesk application, hardening of network devices, anti-virus, new office applications, password manager.
  • Classification of data audit.
  • Vetting of existing staff that access client data.
  • Staff training.

12 Steps to GDPR Compliance

In order to become GDPR compliant we have utilised information released by the Information Commissioners Office (ICO), which outlines 12 steps that we need to undertake to become GDPR compliant.

  1. Awareness

    All staff at Hostcomm have recently undertaken security awareness training that strongly promotes the key principles of information security.

    In addition, at Hostcomm, we also have a Data Protection Officer who will identify any areas that could cause compliance issues under GDPR.

  2. Information we hold

    All personal data which we, as a company, are responsible for is safely stored for the protection of your company and clientele. Any personal data that we hold is documented safely and only information provided by yourselves is stored. No information or data is provided to third parties.

    We will comply with GDPR’s accountability principle, which requires us to show that we comply with the data protection principles. We will always ensure that we have effective policies and the correct procedures in place for your protection.

  3. Communicating privacy information

    When collecting personal data, we will explain our lawful basis for processing data and the data retention periods. This will explain how we intend to use your information. As stated elsewhere in the document, we emphasise that we will not sell any of the data that we hold to third parties.

  4. Individual’s rights

    Hostcomm will have the correct procedures in place to ensure that we cover all the rights you have in regards to your data being stored. This information will be available electronically and in a commonly used format.

  5. Subject access requests

    As well as following GDPR for our customers, we also ensure that all employees within the company have the right to be informed whether or not we are processing personal data that relates to them.

  6. Lawful basis for processing personal data

    We have a documented process for processing data, in order to comply with the GDPR’s accountability requirements.

  7. Consent

    When requiring consent we will have positive opt-ins. We will not use pre-ticked boxes or any other method of default consent, as GDPR requires. Our privacy notice will include our lawful basis for processing, as well as the purpose of the processing.

  8. Children

    At Hostcomm we do not deal with data relevant to children.

  9. Data Breaches

    Following the GDPR regulations, we have a duty to report personal data breaches to the relevant supervisory authority. We will do this within 72 hours of becoming aware of the breach. If we experience a breach that is likely to result in a high risk of negatively affecting individuals’ freedoms and rights, we will inform these individuals without undue delay. Moreover, we will keep a record of any personal data breaches. We guarantee a robust breach detection, investigation and internal reporting procedure.

  10. Data Protection by Design and Data Protection Impact Assessments

    Because of going through PCI DSS compliance, we will have an up to date Protection Impact Assessment (PIA). We will perform PIA regularly in accordance with PCI DSS and GDPR. These will address the confidentiality, integrity and availability (CIA) requirements of all personal data handled by Hostcomm.

  11. Data Protection Officer (DPO)

    We have a data protection officer, James Owen. His role is to ensure that Hostcomm keeps up to date with regulations related to GDPR.

  12. International

    Hostcomm only operates within the United Kingdom.

Talk to Our Sales Team

If you have any further questions about how Hostcomm is working to protect your data, talk to one of our Account Managers.

0808 168 4400
sales@hostcomm.co.uk