This document outlines the steps that Hostcomm is taking to ensure that our services are fully GDPR compliant. This is an important and complex project and we have made significant progress to date. However, there is further work to do to complete all the key tasks, which we will continue to focus on in the coming weeks.
This is our first update and we plan to publish further updates as appropriate.
GDPR stands for ‘General Data Protection Regulation.’ GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. The intention of this regulation is to strengthen and unify data protection for all individuals within the European Union, giving citizens and residents control over their personal data.
GDPR comes into effect from 25th May 2018 and will replace the 1995 EU Data Protection Directive.
At Hostcomm, we understand that security and privacy are of critical importance. We believe that GDPR is a significant step forward in enabling and clarifying individual privacy rights. As such, we are determined to ensure compliance with GDPR.
We are currently in the process of obtaining PCI DSS compliance. PCI DSS stands for ‘Payment Card Industry Data Security Standard.’ This is an information security standard for organisations that handle branded credit cards from the major card schemes.
By gaining PCI DSS compliance, we can ensure that the appropriate controls for the management of information are in place and that we are working to meet our legal and regulatory requirements, including those outlined in the GDPR.
Hostcomm has made a significant investment in improving security, and we are now in the process of implementation. Some of the more noteworthy completed and ongoing projects are as follows:
To guide our GDPR compliance work, we have used the guidance published by the Information Commissioner's Office (ICO), which outlines 12 steps that we need to undertake to become GDPR compliant.
All staff at Hostcomm have recently undertaken security awareness training that strongly promotes the key principles of information security.
In addition, Hostcomm has a Data Protection Officer who will identify any areas that could cause compliance issues under GDPR.
All personal data for which we, as a company, are responsible is stored securely for the protection of your company and your clientele. Any personal data that we hold is documented securely, and only information provided by you is stored. No information or data is provided to third parties.
We will comply with GDPR’s accountability principle, which requires us to show that we comply with the data protection principles. We will always ensure that we have effective policies and the correct procedures in place for your protection.
When collecting personal data, we will explain our lawful basis for processing data and the data retention periods. This will explain how we intend to use your information. As stated elsewhere in the document, we emphasise that we will not sell any of the data that we hold to third parties.
Hostcomm will have the correct procedures in place to ensure that we cover all the rights you have with regard to the data we store about you. This information will be available electronically and in a commonly used format.
As well as following GDPR for our customers, we also ensure that all employees within the company have the right to be informed whether or not we are processing personal data that relates to them.
We have a documented process for processing data, in order to comply with the GDPR’s accountability requirements.
Where consent is required, we will use positive opt-ins. As GDPR requires, we will not use pre-ticked boxes or any other method of default consent. Our privacy notice will include our lawful basis for processing, as well as the purpose of the processing.
At Hostcomm we do not deal with data relevant to children.
Under the GDPR, we have a duty to report personal data breaches to the relevant supervisory authority. We will do this within 72 hours of becoming aware of the breach. If we experience a breach that is likely to result in a high risk to individuals’ rights and freedoms, we will inform those individuals without undue delay. Moreover, we will keep a record of any personal data breaches. We guarantee a robust breach detection, investigation and internal reporting procedure.
As part of achieving PCI DSS compliance, we will have an up-to-date Protection Impact Assessment (PIA). We will perform PIAs regularly in accordance with PCI DSS and GDPR. These will address the confidentiality, integrity and availability (CIA) requirements of all personal data handled by Hostcomm.
Our Data Protection Officer is James Owen. His role is to ensure that Hostcomm keeps up to date with regulations related to GDPR.
Hostcomm only operates within the United Kingdom.
If you have any further questions about how Hostcomm is working to protect your data, talk to one of our Account Managers.