GDPR Statement
Introduction
The new EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will impact every organisation which holds or processes personal data. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe. It will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties.
DMS Commitment
DMS are committed to high standards of information security, privacy and transparency and will comply with applicable GDPR regulations. Working alongside our customers, we will explore opportunities within our services to assist our customers to meet their own GDPR obligations.
All DMS portable devices that are taken offsite are encrypted with BitLocker, so the complete hard drive is encrypted and protected by a ‘key’. All ‘on-site’ devices use Remote Apps and so there is no data stored locally on them. The Remote Apps and the data that they access are encrypted and protected by an SSL Certificate.
All remote users use an RDS server that is encrypted through an SSL Certificate, and we use Office 365 for email and Microsoft Azure for DR.
Data Retention
DMS retain personal data only for as long as necessary to provide the services you have requested and thereafter for a variety of legitimate legal or business purposes.
Data Management in Our CRM System
Our Customer Relationship Management (CRM) system plays a crucial role in managing interactions with current and potential customers. It records personal data essential for providing personalised services and support. We ensure the integrity and security of data within our CRM system, adhering to strict data protection principles. Access to this data is limited to authorised personnel who require it to perform their job functions. We commit to using this information responsibly, maintaining its accuracy, and keeping it up to date.
GDPR: The Microsoft Commitment
Microsoft is the first major cloud services provider to pledge GDPR compliance
‘We understand that GDPR compliance is a shared responsibility. That is why we are committed to be GDPR compliant across our cloud services when enforcement begins on May 25, 2018.’
‘We are also committed to share our experience complying with complex regulations to help you craft the best path forward for your organisation to meet the privacy requirements of the GDPR. With the most comprehensive set of compliance and security offerings of any cloud provider and a vast partner ecosystem, we are prepared to support your privacy and security initiatives now and in the future.’
DMS and Microsoft
DMS are a Microsoft Solutions Partner and follow the recommendations of Microsoft, which has extensive expertise in protecting data, supporting privacy, and complying with complex regulations, and currently complies with both EU-U.S. Privacy Shield and EU Model Clauses.
Microsoft are a data controller and a data processor under GDPR. A data controller ‘determines the purposes and means of the processing of personal data’ whereas a data processor ‘processes personal data on behalf of the controller’. As a data processor, Microsoft have already promised to share the details of their contractual commitments in accordance with GDPR and to adhere to all articles of the regulation by May 2018.
DMS promote the use of Microsoft Services and Tools to adhere to GDPR requirements including:
Azure
Dynamics 365
Office 365
Intune and Enterprise Mobility and Security
SQL Server and Azure SQL Database
Windows 10, 11 and Windows Server 2016, 2019 and 2022
As well as following guidelines, we are assisting our customers in implementing these methods.
Data Protection Officer
DMS has designated a Data Protection Officer (DPO), who is taking full responsibility for all matters relating to data protection and GDPR compliance. The DPO will ensure that we are accountable and transparent to the supervisory authorities.
Data Breaches
DMS have processes in place for identifying, reviewing and promptly reporting data breaches to our DPO, and would provide them with:
An overview of the breach
All relevant contact information
Potential consequences of the data breach
Suggested actions and measures taken to manage the situation
Access to Personal Information
Individuals possess the right to obtain and review the personal data we hold about them. This right ensures individuals can check and confirm the legality of how we process their data.
Requests for accessing personal data should be directed to us via email at enquiries@dmsystem.co.uk
Design & Management Systems:
Mohammed Iqbal – Data Protection Officer – 01322 420140
mohammediqbal@dmsystem.co.uk