GDPR

GDPRThe GDPR (General Data Protection Regulation) is a regulation which came into force on the 25th May 2018. The regulation covers the use and control of peoples data who are based within the European Union.

On the 1st of January 2021, the UK left the EU, which meant that the original GDPR was no longer applicable in the UK. The UK GDPR has replaced the original one with an extra addition called the Data Protection Act 2018.

We began investigating the impact of GDPR around May 2016. We care about our customer’s privacy and data and understand how much of a trusted position that our customers put us in.

The UK GDPR is, thankfully, not much different compared to the original one. The main differences are that some of the terms have been altered to fit UK processes better. Some more minor changes have been made that don’t directly affect our data handling, such as altering the minimum age to keep customer’s data.

Data controllers and processors

These are the two core roles that businesses subscribe to under the GDPR act. The question is where does Signable fit in these? How does it affect your data? To help answer these questions we explain that in more detail here.

What changes have Signable made to be GDPR compliant?

Our main changes are internal, performing a full data audit to ensure that the data that we hold isn’t excessive and unnecessary. We have also updated the following policies to better reflect our role in protecting your data.

We have also created a Data Processing Amendment which can, if required, be signed.

Along with complying with GDPR, we are also in process of achieving ISO27001 certification, which isn’t, specifically, a requirement of GDPR, however, is an important step in data security.