GDPR Commitment Statement
Sub 6 Limited’s commitment to the
General Data Protection Regulation (GDPR)
We are seeing more clients contact us with questions on the upcoming implementation of GDPR (General Data Protection Regulation).
Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA) which we comply with. These rules will remain valid under GDPR and will form the basis of our compliance with the new regulation. In addition, our ISO27001 (Information Security Management) accreditation means we have already been handling data in accordance to the new law for over 3 years.
Sub 6 Limited will comply with all applicable GDPR regulations as a data processor when they come into force on May 25, 2018.
We are committed to addressing EU data protection requirements applicable to us as a data processor. These include:
Data processing: Our ability to fulfil our commitments as part of article 28 of the Regulation as a data processor to our customers, is a part of our compliance with GDPR. You, the data controller, are using a third-party such as ourselves to process personal data. Because of this requirement, we have assessed our existing data protection policies and practices and made changes where appropriate. In addition, our Terms & Conditions of business are currently being redrafted.
Data sharing: The data our customers store with Sub 6 Limited is theirs, however for certain services such as domain registrations we will be guided by ICANN and Nominet rules & regulations
Third-party audits and certifications: Sub 6 Limited are ISO27001 accredited. ISO 27001 demonstrates that we are following information security best practice. This provides an independent, expert verification that information security is managed in line with international best practice and business objectives. The key components of our ISO27001 environment include:
Assessment of Risk
Organization of information security
Physical and environmental security
Information security incident management
As a data controller now is the ideal time for you to begin preparing for the GDPR. Consider the following:
Understand the GDPR: You should familiarise yourself with the provisions of the new regulation. Understand how the new regulations may differ from your current data protection obligations and consider any changes to working practices that may need to be implemented.
Audit the information you hold and the processes that capture such data: Review your current controls and processes to ensure that they’re adequate, and build a plan to address any gaps. Consider creating an updated and precise inventory of personal information that you control.
Stay informed: Keep up to date of regulatory guidance as it becomes available and consider consulting a legal expert to obtain guidance applicable to you. It is advised to take in the information provided on the Information Commissioner’s website, the UK representative within the EU working group.
We will continue to monitor and make additional required operational changes resulting from the GDPR, and will keep our clients informed accordingly.
A number of our key partners are yet to formalise their position on the regulation. When this happens, the relevant processes will become more clearly defined. We will continue to assess our strategy for GDPR over the next few months.
Released: January 2018.
This document was written for informational purposes only and is not to be relied on for any reason. It is subject to change or removal without notice.