GDPR Policy
Statement of Compliance
Introduction
On 25 May 2018 the new EU General Data Protection Regulation (GDPR) comes into force (this includes the United Kingdom regardless of its decision to leave the EU) and will impact each and every organisation that holds or processes personal data. It introduces new responsibilities, including the need to demonstrate compliance, more stringent enforcement and a significant increase in penalties compared to the current Data Protection Act (DPA) that it will supersede.
Simply put, individuals will now have greater say over how, why, where and when their personal data is gathered, processed and disposed of. Any organisation that works with EU residents' personal data in any manner, irrespective of location, has obligations to protect the data. Organisations that hold and process personal information about clients, staff or suppliers are legally obliged to protect that information.
Our Commitment
AMX Solutions has always honoured our customers’ right to data privacy and protection. We are committed to GDPR compliance by:
- Only collecting information needed for a specific purpose, e.g.:
  - Supporting AMX users with system issues. This requires that we hold a user’s name, contact number, organisation, job title and e-mail address.
  - Updating clients and AMX users about developments. This will be done through our quarterly newsletter, invites to User Groups and offering AMX training.
  - Invoicing client organisations for initial system configuration, licence agreements and delivery, annual system maintenance and training courses delivered.

  To action the above we will hold the following data for individuals:
  - Name
  - Job Title/Position
  - Organisation
  - Contact Number
  - E-mail Address
- Ensuring data is relevant and up to date. AMX Solutions will update its CRM as we are notified of changes.
- Only holding as much data as needed and reviewing how long the data is stored for, e.g. if we are provided with a client database to resolve technical issues, it will be held securely and deleted once the issue is resolved.
- Allowing the subject of the information to see it on request – this can be requested using our Special Access Request form.
- Keeping it secure.
- Offering individuals the option to “opt-out” by e-mailing GDPR @ amxsolutions.co.uk. Please be aware that we still have to hold your name and e-mail address on the “right to be forgotten” log to ensure we do not communicate with you in future.
- Never sharing your contact information with third parties.
We have demonstrated our commitment by adhering to the current UK Data Protection policy, and now we are revising our own internal policies in order to meet the requirements of the GDPR. AMX Solutions is, and has always been, committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards. This includes our role as a data processor, whilst also working closely with our customers and partners to meet contractual obligations for our procedures, products and services.
Security/Data Breach Incident Policy
As part of the AMX Solutions Information Security/Data Breach/Incident Policy, we need to know who to contact in your organisation in order to a) officially notify your organisation of any breach of your organisation’s data within the designated timeframe for your country and b) work with them to investigate what data may have been compromised and quickly resolve any issues.
AMX Solutions Ltd will therefore need to hold a name, job title, organisation, e-mail address and contact number for the person/department to contact. This will only be shared with the Information Commissioner’s Office.
In the event that your organisation suffers a data breach concerning AMX Solutions data, please notify us within 72 hours by e-mailing GDPR @ amxsolutions.co.uk using “URGENT ACTION REQUIRED: Data Breach” in the Subject Title, or alternatively by calling +44 (0)333 456 0768 or 07501 890941 and asking to speak to a member of the GDPR Team.
What we are doing to help our customers
AMX Solutions Ltd is fully aware of our role in helping to provide the right tools, systems and processes to support our customers’ need to meet their GDPR mandate. We are also aware of where our responsibility starts and finishes and where it is more prudent to recommend or liaise with other professional services organisations to help our customers to meet the requirements of GDPR beyond the realms of IT.
What you can do to prepare for GDPR
We understand that meeting the GDPR requirements will take a lot of time and effort. As your IT partner, we want to offer as much help as you require to make the process as seamless as possible. If you are just getting started with GDPR compliance in your organisation, here is a quick to-do list to keep in mind:
- Appoint a data privacy officer, or team, to oversee GDPR activities and raise awareness
- Identify the personal data that is being collected and minimise where possible
- Analyse and record how this information is being processed, stored, retained and deleted
- Establish procedures to respond to data subjects when they exercise their rights
- Create processes for data breach notification activities
- Assess the threats and risks to your business through the creation of a risk register
- Review current security and privacy processes and, where applicable, revise your contracts with third parties and customers to meet the requirements of the GDPR
- Train your staff both in terms of cyber security risks and also data privacy policy
- Secure your data, both in the office and on the move
- Backup your business critical data, ideally both in the office and in the Cloud
- Bring your own organisation in line with the government’s Cyber Essentials scheme.