You may already be aware that on the 25th May 2018, the current UK Data Protection Act is being replaced by the EU General Data Protection Regulation, commonly known as the GDPR.
It is essential that customers and subscribers understand how, as an organisation, we are adhering to the new GDPR regulations.
We encourage you to take a moment to read our latest post, which provides you with assurances that your personal data is handled securely and in accordance with the principles of the GDPR.
Where do we store customers' personal data?
All personal data is stored in the United Kingdom, and we will never send data outside of the European Economic Area (EEA).
Our company policies have been reviewed and are updated every 12 months.
The following policies have undergone a recent review, with the latest policy documents available to view online:
Data Protection Policy:
IT Security Policy:
We show a continued commitment to ISO 27001 and are audited every 12 months to ensure we are still meeting all requirements.
Our certificate number is 14122882, and a copy of our recent certification is available to download here: https://www.digitalid.co.uk/download/ISO27001.pdf
Showing our commitment to IT security, we have also been issued a Cyber Essentials certification.
Certification is now required when bidding for government contracts which involve handling personal information, and our certificate number is 3233805065424030.
You can download a copy here: https://www.digitalid.co.uk/download/Cyber_Essentials.pdf
Digital ID staff have attended advanced GDPR courses to improve and share their knowledge on the new regulation. Network manager Daniel Hesford (pictured below) achieved the EU GDPR Practitioner Qualification, which enables us to carry out regular data audits and create project plans that help us continue to improve our systems and policies, ensuring your personal data is safe and handled according to the principles of the GDPR.
You can view or download a copy of the certificate here:
EU GDPR Practitioner: https://www.digitalid.co.uk/download/EU_GDPR_Practitioner_Daniel_Hesford.pdf
Email Marketing Preferences
Both customers and subscribers must give their consent to receive ongoing email communication from Digital ID, and are given access to freely update their individual marketing preferences at any given time by visiting: https://www.digitalid.co.uk/account/marketingPreferences
We honour individuals' marketing preferences, and never sell or share any marketing lists with 3rd party companies.
Third Party Suppliers
All of our suppliers must complete our GDPR compliance document and we regularly make supplier site visits.
EasyBadge Windows Software:
Customers using this software are informed that the data is hosted on the client’s network, and they are responsible for any personal data. The database can be stored using Microsoft Access, Microsoft SQL, MySQL or Oracle, but these databases are hosted by the customer and not by Digital ID.
EasyBadge Smartphone App
Data is stored on the Android or Apple device. When uploading from the app to the EasyBadge Windows software, data is then stored on a private server hosted by UKFast and only accessible by authorised UKFast and Digital ID staff. The data centre is located in Manchester, UK. Data is stored temporarily until it’s downloaded by the EasyBadge Windows software. It is then retained for 2 days and then deleted from the hosted server. UKFast data centres are ISO 27001 certified, PCI-compliant and secured to UK government IL4 standards.
VisitorPass Windows Software
The data is hosted on the client’s network, and they are responsible for any personal data. The database can be stored using a Microsoft SQL database, but these databases are hosted by the customer and not by Digital ID.
Effects of GDPR on ID Card Printing
While the above looks explicitly at how Digital ID is adhering to the new GDPR regulations, we have also created a helpful guide which looks at the effects of GDPR on ID card printing.
If you are the person responsible for printing photo ID cards, then GDPR will impact on your responsibilities.
Click here to download a free copy of our guide.
We understand that every organisation we work with may have unique requirements when working with 3rd parties in relation to GDPR. Therefore, if you have any questions relating to the above, we are more than happy to help.
Questions can be emailed to firstname.lastname@example.org.