SalamanderSoft has always taken Data Protection and privacy very seriously and view GDPR as a positive step forwards, even though it requires work to implement for all parties involved.
We can confirm that we will be complying with GDPR as both a Data Controller for the data we hold, and as a Data Processor when acting for our customers.
You can access our privacy policies here and our Data Protection Agreement here.
Our Data Processing Agreement and Terms and Conditions have been updated to reflect GDPR.
If you would like a document generating which details what data is being used for your specific installation then please contact support.
The Information Commissioner’s Office maintains a Data Protection Public Register. You can search this to find out what personal data is being processed by a particular controller. SalamanderSoft’s Registration Number is ZA362914.
You can contact SalamanderSoft’s Data Protection Officer via email at firstname.lastname@example.org.
What is the GDPR?
On May 25, 2018, a new EU privacy regulation will come into effect called the General Data Protection Regulation (GDPR). It imposes tougher obligations on businesses with regards to how they collect, store and manage personal data of EU citizens, regardless of whether the data processing takes place in the EU or not. It will apply to us both before and after the UK leaves the EU.
How does GDPR affect SalamanderSoft’s customers
Every company or organisation who stores personally identifiable of any EU citizen is required to conform to GDPR. Personally identifiable information can be a name, email, address, date of birth, personal interests, unique identifiers, digital footprints and more. The owners of the data are classified as Data Controllers and those who process other organisations’ data are Data Processors. Both Data Controllers and Processors are covered by the GDPR.
As one of our customers, you are the Data Controller for the data contained in your management systems. We act, under a contractual arrangement, as Data Processors for you. In almost all cases we are moving data around within your own systems. The only personal data we hold from our customers is that required for contractual reasons, billing, support and sales, i.e. the relevant contacts in the organisation.
What is SalamanderSoft doing to prepare for GDPR
We have always take Data Protection and privacy very seriously. In light of GDPR we have reviewed all our data processes and practices to ensure we are compliant by May 25 2018.
For example we are/have:
Updated our Data Processing Agreement to reference GDPR
Updated our Terms & Conditions to reference GDPR
Updated and publishing new privacy policies
Updated cyber security policies
Reviewed our data extracts and how we use them to minimize the amount of data used
Created a process to build documentation from your installation explaining what data is used.
Performed data protection impact assessment for both internal processes and where we are acting as data processors for you
Ensure that all our staff are trained in GDPR processes
For more information about GDPR your first stop should be the Information Commissioner’s Office. They are the UK’s independent body set up to uphold information rights and are responsible for advice on and implementing the GDPR legislation in the UK. It is definitely worthwhile exploring their GDPR resources especially their 12 steps to take now.