On 25 May 2018, the General Data Protection Regulation (GDPR) will come into force in the UK.
From this date, all UK businesses must be compliant with the new regulations or face considerable fines. At Appraisd we are taking steps now to ensure we are fully GDPR compliant well before this date. This page explains at a high level how we are addressing some of the requirements.
Please note that you should seek your own legal advice. Information provided by us must not be considered legal advice.
GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Some of the key privacy and data protection requirements of the GDPR include:
At Appraisd we have taken or are taking the following steps to address the new requirements:
We are updating our Terms and Conditions to include new clauses on GDPR and data processing. The following documents are also available
Our Terms and Conditions are being amended to ensure that consent of the data subject has been obtained by the Customer. When consent is withdrawn, features in Appraisd will make it easy for a Customer Administrator to permanently delete or anonymise user data. We will also be providing features to ensure Customers can respond to Data Subject Access Requests.
We will be providing tools to enable Customers' Administrators to anonymise personal data in Appraisd where possible. Where not possible, Customers will be able to permanently delete personal data.
We will provide timely notification in the event of any accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or access to, any personal data. This is detailed in our Data Processing Agreement.
We use state-of-the-art technology and best practice to ensure the safety of your data. All Appraisd customer data is stored in Microsoft Azure data centres in the UK that are ISO27001 and ISO/IEC 27018 certified. All data is encrypted at rest and in transit. Where data crosses EU borders it is transferred using appropriate EU model clauses and other contractual assurances.
As a customer of Appraisd, you will act as the data controller for personal data you use and provide to Appraisd as part of your usage of the service. Appraisd is a data processor and processes data on behalf of you, the data controller. As a data controller, you will have obligations under GDPR concerning lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as obligations to fulfil data subjects’ rights with respect to their data. These responsibilities are detailed in our Data Processing Agreement.
We are currently in the process of achieving ISO27001 certification, which will provide independently verified assurance of our security practices. We estimate certification to be achieved by Q2 2018.