The new Data Protection regulations are coming, we're ready!
The new General Data Protection Regulation (GDPR) will come into force in the UK from 25th May 2018.
Aside of a number of key changes listed below, the major element is the introduction of 'controller' and 'processor' of data responsabilities. As the main holder of the data, your business will be considered as a 'processor' but as the data storage and data handling provider, Zuri® will be considered as the 'controller' and as such, we want to re-assure you that we are providing a system that is fully GDPR 2018 compliant and ready.
The other key points in the GDPR 2018:
- 1) Individual Rights
- 2) Subject Access Request (SAR)
- 3) Data Breaches
Zuri® take data protection very seriously and in this vein, here is how we comply:
1) Individual Rights
Under the new GDPR, the person you hold data for has the following rights:
- - The right to be informed
- - The right of access
- - The right to rectification
- - The right to erasure
- - The right to data portability
- - The right to object
Zuri® complies with all of the above by giving access to the record held as required, from anywhere at any time. This allows the indidivual to be informed on the data held about them as well as rectify them if necessary or object to some of the data being held.
Should an individual request that his data held in Zuri® be deleted, they can then make a request and this will be processed. Additionally, if an individual would like the data held to be handed over to be imported across to a different system, this can be provided in various different formats on requests
2) Subject Access Request (SAR)
All SARs requests made directly to Zuri® must be made in writing. The letter should be marked to the attention of our data protection officer for speedier response, our team will respond within 40 days as per the GDPR requirements, there is no fee if the request is reasonable as per the regulations.
To ensure a speedier response please advise specifics of the data required. All SARs will require your identification so that we have proof it's you. Please note if you are a third party you must evidence your ability to request in full or your request may not be processed and in compliance with current regulations we will on supply the data after all of the security conditions have been met.
3) Data Breaches
Zuri® has been designed from the ground-up to be ultra secure being hosted on secure servers, with secure database and encrypted records. However, data breaches often happens at the front end of the system where user login and access data. To do so, we are introducting password rules to make sure the password used by users are sufficiently secure as well as the option to change the password on regular basis and a two factor authentication. We are also planning development to use fingerpint authentication on smartphone and tablets.