Security and Privacy have always been a value of Elite Limited and as such have always been a part of all solution design by default. The GDPR’s updated requirements are significant, and our team is working diligently to bring our product offerings and contractual commitments in line so customers can prepare themselves before May 25, 2018. Measures to achieve this include:
We’ll also continue to monitor the guidance around GDPR compliance from privacy-related regulatory bodies and will adjust our plans accordingly if it changes. We’ll provide you with regular updates along the way so that you’re always current.
We have taken extra measures to protect your information and logins by removing all plain text password storage on ALL Elite Systems for staff and customers. We have replaced this with hashed passwords using MD5 – meaning that in the unlikely event that our network is breached, we have your passwords stored with an extra level of protection. We can never view your live password and therefore, no-one else can.
In preparation for GDPR, we are a registered Data Processor with ICO and have been following their detailed guidance to ensure that we operate in a secure manner with our staff’s and customers’ personal privacy at the forefront of data management and our operating procedures.
We have reviewed, amended, and trained out all internal corporate Security Policies & Procedures so that we as a company conduct ourselves with your personal security and privacy at the forefront of all we do, while still remaining pragmatic in offering you an efficient service.
We have completed a full audit of all of our information assets and how data flows between them all. This is an important exercise to complete as it has allowed us to identify and assess any risks to data interchange. While this exercise has been completed, we are still putting in place mitigation actions to fully shore up our infrastructure and the services we provide.
We have finalised our internal data breach processes in accordance with the guidance provided by ICO to ensure that we handle any suspected or proven information breach to the data we process and control. This includes reporting to the Information Commissioner’s Office, the customers impacted and the tools to detect such a breach.
and will be published soon on each site.
DPIAs are an extension of core business Risk Management and Elite Limited are currently undertaking mitigation actions to ensure that we are doing all we can to protect your data.
We identified that, although implied in many of our staff contracts, there was no specific clause detailing out employee conduct and keeping your data confidential. This is now in place alongside our code of conduct and employee handbook.
A major new introduction in the law is the Subject Access Requests we are legally obliged to fulfil now that May 25th has passed. We at Elite now have full end-to-end processes so that we can fulfil these requests and have also implemented automated systems that can fulfil Subject Access Requests more quickly and more conveniently for our customers.
Now that Elite Limited is GDPR compliant, the company is working towards ISO 9001/27001 accreditations.