What is GDPR and how will it affect you?
The new European Union General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and will affect every organisation that holds or processes personal data. The regulation will:
- Highlight new areas of responsibility
- Demonstrate organisations’ need for compliance
- Ensure enforcement of this compliance
- Increase penalties against organisations beyond those of the current Data Protection Act, which it will supersede.
What is UK2 doing to comply with GDPR laws?
UK2 is committed to the highest standards of information security, privacy and transparency. UK2 ensures that a high priority is placed on protecting and managing all data, and will comply with all applicable regulations and ensure that as a data processor all contractual obligations for our products and services are met.
At UK2 we have been working hard to make sure we are compliant. We want to share with our customers some of the key points and commitments we are making.
UK2 has four main areas of focus in preparing for GDPR, overseen by a dedicated internal team:
- Develop compliance plans and strengthen the current platform.
- Introduce programmes to support compliance.
- Streamline organisational processes.
- Provide services and solutions for customers in a GDPR-compliant manner.
At UK2, compliance is a responsibility shared across multiple areas of the business, each of which is also adapting its processes in preparation for GDPR.
What are UK2’s Commitments?
Under GDPR, a data processor is a person or organisation that handles personal data as instructed by a controller, for the specific purposes and services offered to that controller that involve processing personal data.
As a data processor (for the data you store on our services) we commit to:
- Processing data solely for the purposes of providing our services: UK2 will never use this data for anything other than the essential operation of the service i.e. not for marketing or data mining.
- Informing you should we ever use a subcontractor to process your personal data.
- Reporting any data breach caused by our actions as a processor to you without undue delay.
- Helping you to meet your regulatory obligations by providing reasonable documentation about our services.
- Securely storing your data and applying strict security standards and processes.
Under GDPR, a data controller is simply the organisation (a legal person, agency, public authority etc.) or natural person which, alone or, depending on the organisation and the processing activity, jointly with others, determines what happens to a person’s data and therefore carries primary responsibility for protecting it.
As a data controller (for the data we hold about you in order to provide you with the service you need) we commit to:
- Only requesting and storing the personal data that is necessary for us to provide the service to you.
- Not transferring this data to third parties other than companies associated with UK2, and transferring any data outside the EU only in accordance with strict corporate data rules that comply with GDPR.
- Only using that data for the purpose it was collected for; for example, we do not sell your data on to other companies.
- Securing this data with technical and procedural standards to ensure a high level of security.
- Retaining this data for only as long as necessary.
If you would like to find out more about GDPR in general, please have a look at our blog post on the subject.
Where is my data held and is it ever transferred outside the EU?
Where we are the data controller (the data we hold on you as a customer), your data is held in the location you signed up in (e.g. for uk2.net it is held in the UK). If you signed up in the EU, all data is held and stored within the EU only.
Where we are the data processor (the data you hold on our servers):
If your data is held on a VPS, dedicated server or managed solution, it is held in the location you requested when your service was deployed. If that location is outside the EU, the data will also be held outside the EU. If the service was deployed inside the EU, the data is stored only where you requested; in the unlikely event that we had to transfer this data outside the EU, adequate notice would be given to you, and this would only happen in a very exceptional circumstance.
If your data is held as part of a shared hosting service, it will be held in the geographical location of the brand you signed up with (e.g. the UK for UK2.net).
For ancillary services, data may in some cases be held outside the EU, but only in accordance with strict contractual obligations that satisfy GDPR.
How does UK2 secure my data?
We use a number of techniques and processes to ensure that data is secured, including but not limited to:
- Vulnerability scanning
- Two-factor authentication
- Role-based access controls
- Firewalls and ACLs
- Static analysis
- Network monitoring and intrusion detection
- Patch management processes