The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty-five years. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe. WiredContact will comply with applicable GDPR regulations as a data processor when they take effect on 25th May 2018. Working in conjunction with our clients, we will explore opportunities within our service offerings to assist our customers to meet their GDPR obligations.
We are committed to addressing EU data protection requirements applicable to us as a data processor. These efforts have been critical in our ongoing preparations for the GDPR:
Our ability to fulfil our commitments as a data processor to our customers, the data controllers, is a part of our compliance with GDPR where data controllers are using a third party, for example WiredContact, to process personal data. Because of this requirement, WiredContact have worked extensively with local EU counsel to provide that our Agreements contain appropriate provisions for personal data we store, and balance the risks and responsibilities between data controllers and data processors.
Third-party audits and certifications:
WiredContact is committed to being one of the first CRM Companies in the UK to be SOC 1 audited, and one of the first non-Financial industry based software-as-a-service (SaaS) companies to utilise the SSAE 16/18 framework to provide a comprehensive security review.
WiredContact will be undertaking an independent third-party annual SOC 1, Type 2 audit that reviews certain of our internal controls and processes. The audit covers internal governance, production operations, change management, data backups, and software development processes. It evaluates whether we have the appropriate controls and processes in place and whether they are actively functioning appropriately in accordance with related standards.
The SOC program offers independent verification that our security practices offer a recognised standard of security measures. Furthermore, the program is designed to cover key elements of data processing and integrity, while maintaining auditing practices within our business and operational processes. As all customers are concerned with their data and its security, WiredContact has integrated its SOC controls into its operating procedures. These procedures span the organisation, teams or functions that provide service or support to our clients on our platform. The key components of our SOC controls environment include:
- Corporate Governance: how we provide oversight of our business and people
- Change Management: how we make sure changes are tracked and properly reviewed
- Access Control and Management: who has access to our platform operations and how this access is managed
- Data Redundancy and Backup: how data is kept safe and stored in the event of adversity
- Software Architecture and Development: oversight of the development effort around our platform
Data portability: The GDPR includes certain requirements on data controllers for the portability of personal data. The data our customers store in WiredContact is theirs. We provide for portability and are continually working to enhance the robustness of our data export capabilities.
Where Do Our Customers Stand?
As a current or future client of WiredContact, now is a great time for you to begin preparing for the GDPR as a data controller. Consider these tips:
Get to know GDPR: Familiarise yourself with the provisions of the new regulation, particularly how it may differ from your current data protection obligations and consider the relationships you have with both your clients and candidates. Also, note the variance of local provisions which may be superseded by the new regulations when they become EU law from May 2018. Be aware that new requirements may require new solutions that meet the stringent requirements ahead.
Audit your data and processes for data capture: Consider creating an updated and precise inventory of personal information that you control. Review your current controls and processes to ensure that they’re adequate, and build a plan to address any gaps.
Here are some steps you can take today:
- Where are you recording opt-in and opt-out permissions? Review the fields in your database: do you need them all?
- Review your process documentation
- Ensure you have a lawful basis for processing the data
- Stay informed: Stay abreast of updated regulatory guidance as it becomes available and consider consulting a legal expert to obtain guidance applicable to you. We recommend regular review of the Information Commissioner’s website, which is the UK representative within the EU working group: Article 29.
Depending on your usage of WiredContact, you may find that you have some data maintenance to conduct to be compliant with GDPR. Our professional services team is eager to help meet your needs in advance of May 25 2018.