GDPR Compliance – Progress to Date:
Security and Privacy have always been values of Elite Limited and as such have always been a part of all solution design by default. The GDPR’s updated requirements are significant, and our team is working diligently to bring our product offerings and contractual commitments in line so customers can prepare themselves before May 25, 2018. Measures to achieve this include:
- Continuing to invest in our security infrastructure
- Making sure we have the appropriate contractual terms in place
- Providing product offerings that include new tools for data portability and data management
We’ll also continue to monitor the guidance around GDPR compliance from privacy-related regulatory bodies and will adjust our plans accordingly if it changes. We’ll provide you with regular updates along the way so that you’re always current.
Changes to Date:
Passwords are now stored “Hashed”
We have taken extra measures to protect your information and logins by removing all plain text password storage on ALL Elite Systems for staff and customers. We have replaced this with hashed passwords using MD5 – meaning that in the unlikely event that our network is breached, we have your passwords stored with an extra level of protection. We can never view your live password and therefore, no-one else can.
Registering with the Information Commissioner’s Office (ICO)
In preparation for GDPR, we are a registered Data Processor with the ICO and have been following their detailed guidance to ensure that we operate in a secure manner with our staff’s and customers’ personal privacy at the forefront of data management and our operating procedures.
Corporate Security Policies & Procedures
We have reviewed, amended, and trained out all internal corporate Security Policies & Procedures so that we as a company conduct ourselves with your personal security and privacy at the forefront of all we do, while still remaining pragmatic in offering you an efficient service.
Information Asset Register & Data Flow Map
We have completed a full audit of all of our information assets and how data flows between them all. This is an important exercise to complete as it has allowed us to identify and assess any risks to data interchange. While this exercise has been completed, we are still putting in place mitigation actions to fully shore up our infrastructure and the services we provide.
Information Incident Checklist & Processes
We have finalised our internal data breach processes in accordance with the guidance provided by the ICO to ensure that we handle any suspected or proven information breach to the data we process and control. This includes reporting to the Information Commissioner’s Office, the customers impacted and the tools to detect such a breach.
Privacy statements have been drafted with regard to our main website https://elite.net.uk/ and our customer portal https://portal.elite.net.uk and will be published soon on each site.
Data Protection Impact Assessments (DPIAs)
DPIAs are an extension of core business Risk Management and Elite Limited are currently undertaking mitigation actions to ensure that we are doing all we can to protect your data.
Staff contracts additional confidentiality clause
We identified that, although implied in many of our staff contracts, there was no specific clause detailing employee conduct and keeping your data confidential. This is now in place alongside our code of conduct and employee handbook.
Subject Access Requests
A major new introduction in the law is the Subject Access Requests we are legally obliged to fulfil now that May 25th has passed. We at Elite now have full end-to-end processes so that we can fulfil these requests and have also implemented automated systems that can fulfil Subject Access Requests more quickly and more conveniently for our customers.
Work in Progress and in Future
Now that Elite Limited is GDPR compliant, the company is working towards ISO 9001/27001 accreditations.