
The EU General Data Protection Regulation (GDPR) is a significant piece of European legislation which will come into force in May 2018. It builds on existing data protection laws, strengthening the rights that EU individuals have over their personal data, and creating a single data protection approach across Europe.

GDPR Preparation

By the GDPR implementation deadline, the following will be in place:

  • Updated internal policies relating to data protection and responsibilities for ongoing GDPR compliance.
  • Checks of all our systems, processes and services to ensure they meet the requirements of GDPR, particularly around security of data and our use of any external third party services.
  • Processes to ensure ongoing compliance past the GDPR deadline.
  • Updated terms and conditions of services that meet the contractual requirements of GDPR in the Data Controller – Data Processor relationship.

Our services are compliant because:

  • We have fully assessed our own GDPR compliance both in terms of the services offered and in terms of our own internal policies and procedures.
  • Appropriate technical and personnel protocols are in place to ensure data security.
  • We carry out due diligence against any sub-processors or other third party processors we use (such as data centres) to ensure their GDPR compliance.
  • Only specific members of staff have access to our servers, limited to specific circumstances.
  • Customer data is not transferred outside the EU (all our services are hosted in the UK).
  • We have updated our privacy and cookie policies to incorporate the new GDPR obligations.
    https://www.lopezshackleford.co.uk/privacy/
    https://www.lopezshackleford.co.uk/privacy/cookie-policy/

Security

Technical measures

We keep up to date with all technical aspects of security and ensure the ongoing security of our servers and systems. This means that any security patches are applied to our systems as a matter of priority, and any changes or updates to our own systems are made with data protection and privacy in mind and, where appropriate, in discussion with our customers.

Organisational measures

Access to the administrative portions of the hosting infrastructure is highly restricted, limited to personnel with a specific need.

Third party processors

Hosted Services

Payment processors

Cloud based Invoicing and accounting

Version: Jul 2019