GDPR readiness statement
The General Data Protection Regulation (GDPR) is effective from 25th May 2018. This new privacy law means EU residents now have greater control in relation to what, how, why, where and when their personal data is used, processed or is disposed.
Any business that processes personal data of EU residents, regardless of geographical location, now has obligations to protect the rights of those individuals through GDPR compliance.
What we’ve been working on
Instiller is committed to continually enhancing privacy safeguards and since March 2017 we’ve been working hard to ensure compliancy with GDPR whilst at the same time developing features within our solution to help our agencies and their customers.
We’ve invested time engaging with legal experts, training companies and security specialist to help us fully understand the requirements of the GDPR and we’ve also put in place training plans to ensure that all of our employees have the necessary expertise in compliance measures relating to processing personal data.
Continually monitoring and assessing all aspects security, personal data storage and personal data processing is something we have been doing since we started out in 2004.
We have assessed where we collect, store and process personal data and recorded that information to help us identify where adjustments have needed to be made.
Our standard Terms & Conditions have been reviewed and updated to ensure all of the necessary information to support GDPR are in place and we have undertaken a full review of the contracts we have in place with our own suppliers.
A key step in the enhanced compliance requirements is ensuring documentation is in place to record where personal data is processed and the justification for the processing.
Documentation isn’t a one-time thing and we now have, in combination with periodic assessment reviews, an ongoing update programme to ensure continual GDPR compliance.
What this mean for our customers
Working towards making any business GDPR compliant will undoubtedly take a large amount of time, effort and resources.
We might not able to advise on how to make agencies that use Instiller compliant but what we can do is continue to develop our service and provide our customers with a wide range of useful tools to help with things like…
- Implementing secure access controls
- Controlling data retention
- Encrypting, anonymising or permanently deleting user data
- Processing Subject Access Requests
- Processing Right to Erasure requests
- Auditing and assessing processing through enhanced logging
Enhancing the security and features of Instiller is major focus of ours and we will continue to do this in order to help all of our customers.
For more information on our infrastructure, security and database backup process, click here.
There’s lots of new things we’re working on, and that we have planned for later, so look out for our update emails in your inbox and if there’s anything you need please get in touch.