Our Commitments to You as Your Data Processor

Come May 25th, the EU GDPR comes into force (as your inbox has likely made you aware), bringing all of the frightening fines with it. It is, however, a great opportunity for businesses all over the world that deal with EU states to critically assess their approach to securing personal data. Over the last few years, as online marketing has become more aggressive and ubiquitous, ways of identifying and reaching individuals have become services, whose currency is personal data. With this in mind, perhaps it is time we saw personal data as a currency, and took the same steps to ensure ours doesn’t fall into the wrong hands. At Cryoserver, we believe GDPR is the start of doing just that.

To ensure transparency, we have listed below the answers to some of the more frequently asked questions about our role and commitments to our customers and data controllers after May 25.

Strictly speaking, we are a Data Processor for any business using our services. We store, secure and provide various levels of access to your company email data. What is stored, how it is stored and how long it is stored are decisions that you make as a Data Controller, and actions we take as a Data Processor. We cannot read your emails. There is no action we could take without your consent that would involve any member of our team seeing personal data in your emails.

Do you sub-contract any processing activity?
No. Any processing is carried out by individuals under the direct employ of Cryoserver.

Do you have a Data Protection Officer?
We are not a public authority, and don’t process personal or sensitive data on a large enough scale to warrant the appointment of an independent DPO.
Our point of contact for all GDPR-related matters is:
Robin Bingeman, Managing Director
T: 0207 045 0520
E: firstname.lastname@example.org
FCS (UK) Ltd., Wigglesworth House, 69 Southwark Bridge Road, London, SE1 9HH, United Kingdom

What lawful basis do you have for processing personal data?
Any company using Cryoserver has entered a contractual agreement with us to process employee email data on their behalf – or in the case of on-premise users, provide them the means to process employee data themselves. This gives us a lawful basis under Article 6 of the GDPR to process personal data in order to fulfil the contract.

Do you transfer personal data outside the EEA, or is any data accessed from outside the EEA?
We do not transfer personal data to any other organisations, in or outside the EEA.

How do you ensure the security of the personal data you
Cryoserver is ISO 27001 certified, with processes and policies in place to ensure confidentiality of all data, processed or controlled. Our product also securely encrypts any email data it stores and audits any access to that data. This measure is not only GDPR compliant, but also extremely helpful when it comes to demonstrating that compliance.

What happens in the event of a breach at Cryoserver?
In the very unlikely event that our security measures are compromised and it were possible that personal data was accessed, then we have a procedure in place to effectively deal with the breach and notify the relevant authorities – including you, as the data controller.
The details of these procedures can be found in our GDPR statement.

If you couldn’t find the answer to your questions above, please get in touch with us directly, and we will respond with your answer and add it to this list.