Digital ID News

Digital ID & GDPR: What You Need to Know

0

You may already be aware that on the 25th May 2018, the current UK Data Protection Act is being replaced by the EU General Data Protection Regulation, commonly known as the GDPR.

It is essential that customers and subscribers understand how as an organisation, we are adhering to the new GDPR regulations.

We encourage you to take a moment to read our latest post, which provides you with assurances that your personal data is handled securely and in accordance with the principles of the GDPR.

Where do we store customers personal data?

All personal data is stored in the United Kingdom, and we will never send data outside of the European Economic Area (EEA).

Policies

Our company policies have been reviewed and are updated every 12 months.

The following policies have undergone a recent review, with the latest policy documents available to view online:

Data Protection Policy:

https://www.digitalid.co.uk/download/Digital_ID_Data_Protection_Policy.pdf

Website Privacy Policy:

https://www.digitalid.co.uk/download/Digital_ID_Privacy_Policy.pdf

IT Security Policy:

https://www.digitalid.co.uk/download/Digital_ID_IT_Security_Policy.pdf

Certifications

We show a continued commitment to ISO 27001 and are audited every 12 months to ensure we are still meeting all requirements.

Our certificate number is 14122882, and a copy of our recent certification is available to download here: https://www.digitalid.co.uk/download/ISO27001.pdf

Showing our commitment to IT security, we have also been issued a Cyber Essentials certification.

Certification is now required when bidding for government contracts which involve handling personal information, and our certificate number is 3233805065424030.

You can download a copy here: https://www.digitalid.co.uk/download/Cyber_Essentials.pdf

Training

Digital ID staff have attended advanced GDPR courses to improve and share their knowledge on the new regulation. Network manager Daniel Hesford (pictured below), achieved the EU GDPR Practitioner Qualification which enables us to carry out regular data audits and create project plans to help us to continue to improve our systems and policies ensuring your personal data is safe and handled according to the principles of the GDPR.

You can view or download a copy of the certificate here:

EU GDPR Practitioner: https://www.digitalid.co.uk/download/EU_GDPR_Practitioner_Daniel_Hesford.pdf

Digital ID EU GDPR Practitioner - Daniel Hesford

Email Marketing Preferences

Both customers and subscribers must give their consent to receive on-going email communication from Digital ID, and are given access to freely update their individual marketing preferences at any given time by visiting: https://www.digitalid.co.uk/account/marketingPreferences

We honour individuals marketing preferences, and never sell or share any marketing lists with 3rd party companies.

Third Party Suppliers

All of our suppliers must complete our GDPR compliance document and we regularly make supplier site visits.

 Software

EasyBadge Windows Software:

Customers using this software are informed that the data is hosted on the client’s network, and they are responsible for any personal data. The database can be stored using Microsoft Access, Microsoft SQL, MySQL or Oracle but these databases are hosted by the customer and not by Digital ID.

EasyBadge Smartphone App

Data is stored on the Android or Apple device. When uploading from the app to the EasyBadge Windows software, data is then stored on a private server hosted by UKFast and only accessible by authorised UKFast and Digital ID staff. The data centre is located in Manchester, UK. Data is stored temporarily until it’s downloaded by the EasyBadge Windows software. It is then retained for 2 days and then deleted from the hosted server. UKFast data centres are ISO 27001 certified, PCI-compliant and secured to UK government IL4 standards.

You can download a copy of the EasyBadge Privacy Policy using the link below:

https://www.easybadge.com/content/download/EasyBadge_Privacy_Policy.pdf

 VisitorPass Windows Software

The data is hosted on the client’s network, and they are responsible for any personal data. The database can be stored using a Microsoft SQL database, but these databases are hosted by the customer and not by Digital ID.

Effects of GDPR on ID Card Printing

While the above looks explicitly at how Digital ID is adhering to the new GDPR regulations, we have also created a helpful guided which looks at the effects of GDPR on ID card printing.

If you are the person responsible for printing photo ID cards, then GDPR will impact on your responsibilities.

Effects of GDPR on ID card printing.

Click here to download a free copy of our guide.

Additional Questions

We understand that every organisation we work with may have unique requirements when working with 3rd party’s in relation to GDPR, therefore, if you have any questions relating to the above, we are more than happy to help.

Questions can be emailed to gdpr@digitalid.co.uk.

 

Adam Bennet
Adam has been the Digital Marketing Manager here at Digital ID since 2015. Adam is in charge of the content creation and promotion on our blog and has been featured on sites like Entrepreneur, Talk-Business and Brighter Business to name a few. See what he gets up to in the office by following him on Twitter @adamjbenno.

Leave Your Comment

Your Comment*

Your Name*
Your Webpage