|Revisions||Reviewed Statement. Relocated document external to ISP|
The European Union has taken steps in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) which will be effective from May 25, 2018. From this date EU residents will have greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organisation that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data. Pipe Ten is aware of its role in providing the right tools and processes to support its users and customers to meet their GDPR mandates.
Pipe Ten’s Commitment
Pipe Ten are registered with the ICO and have always honoured their customers’ right to data privacy and protection in accordance with the covered by the ICO. Pipe Ten have no necessity to collect and process their customers’ personal information beyond what is required for the functioning of their services.
How have Pipe Ten prepared for GDPR?
As a data controller we understand our obligation to our customers and their personal data. We have thoroughly analysed the GDPR requirements and are working through several initiatives to ensure that we are only holding the minimum information required to provide the contracted services to our customers, that we allow customers to manage the data that is held and easily be able to provide access to the data and removal wherever possible.
Identifying personal data
We are undertaking a systematic review of the personal data that is being stored, managed, retained, collected, processed and disposed of across our various systems. Assessment of this data will review information flow, any data transfers, risk, and structural position in relation to Lawfulness, Purpose, Minimisation, Accuracy, Consent, Limitation, Integrity & Confidentiality, Record Keeping and Accountability.
Providing visibility and transparency
The most important aspect of GDPR is how the collected data is used. As a data controller we are committed to allowing customers to manage their personal data. Some of these details do filter through to Pipe Ten’s back-end systems which are not publicly visible for certain applications such as billing or support but all this data can be retrieved or removed on request where appropriate.
Enhancing data integrity and security
We have always taken the privacy and security of our customers data seriously operating to PCI DSS standard or better whilst constantly looking for ways to improve the levels of security. This proactive approach has allowed us to advise and implement security measures for customer’s hosted solutions to cover their own data storage. Following the GDPR data assessment we also identified new technology platforms that have been implemented to further improve this data security, operation & compliance.
Portability and transferability of data
GDPR gives end users the right to either receive all the data provided and processed by the controller or transfer it to another controller depending on technical feasibility. With this new right in mind, we have been implementing new internal procedures and policies to improve the efficiency of the data exporting process.
Training and Awareness
Pipe Ten undertake internal training for all staff on GDPR and its impact on the policies, procedures, and responsibilities.
Supplier & Partner relationships
Pipe Ten have used all reasonable endeavours to ensure that their third party and suppliers are complying with the GDPR.
What does this mean for Pipe Ten customers?
There will be no difference to the service that Pipe Ten customers receive. We have simply made sure that we are fully compliant with the GDPR by 25 May 2018 through improved access controls, procedures and policies for data subjects rights, regular data audits, restricting retained data and enhanced security of customer data. Pipe Ten’s senior Management Team and advisors will continue to monitor the GDPR programme up to the target date in May 2018 and beyond.
Can we search our personal data on your systems?
Your personal data that you have provided to Pipe Ten can be found and updated in your online control panel.
Can we delete our personal data from your systems?
By updating or closing your account, your personal data will be removed from Pipe Ten’s systems. Any data that has filtered through to the backend systems can also be requested to be deleted where applicable.
Can we export our personal data from your systems?
On request Pipe Ten will be able to provide a full export of an individual’s personal data.
Do your standard contract terms include the new GDPR mandatory provisions?
The contract terms have been updated to include the new GDPR mandatory provisions.
Do you have a documented Breach Notification Process?
Yes, please raise a support ticket or notify email@example.com.
Can you confirm our right to have perennial data deleted or returned upon termination of contract at no extra cost?
Any personal data that is not active or not legally required to kept for longer periods will not be retained for more than 12 months and upon request can be deleted on termination of contract.
Can you confirm that you offer full transparency of data transfer to other parties/destinations?
What is your geographical location?
What is the geographical location of your data systems?
South Yorkshire, UK.
Greater Manchester, UK.
Should we consider Pipe Ten a data processor?