Yet another GDPR Blog
It seems like every other article is about EU GDPR right now. As boring as it may seem, it’s kinda important so here’s an update on what we have done:
We have 2 new certificates: Cyber Essentials & EU GDPR Readiness.
ASP UK have been issued with a Cyber Essentials certificate
Cyber Essentials is a UK government-backed scheme to certify GDPR compliance without hiring an army of expensive consultants. As all of ASP’s development and hosting is performed by the UK head office, it’s good to know we are covered.
ASP had to submit rigorous answers to hundreds of questions regarding our processes, understanding, security systems, etc. to obtain the certificate.
In addition, we have passed all relevant checks for EU GDPR Readiness, assessed by IASME. Our listing is here, under ASP Solutions.
It also helps that we have a six-figure security budget and everything is covered by 3 layers of firewalls.
We didn’t have too much to update here, as our now retro-named DPA module already handled a lot of the compliance.
Forms: We have added a compulsory question at set-up for clients to record what the form’s purpose is. This is in case you forget, or a colleague takes over later.
We have also highlighted email verification as a GDPR recommendation.
DPA Module: We have marked which options are GDPR compliant (basically clients must opt-in by clicking a checkbox which makes it clear what they are signing up for). Please check these options, or speak to your Account Manager as they can be set at the client level.
With regard to GDPR and SHOWOFF, here are some key points for our clients:
- Clear Opt-in - When you are collecting data, be clear about what you are collecting it for, and have an explicit opt-in for each use if there are multiple. For example, if it's a newsletter sign-up, and you're only using that data to send a newsletter, you don't need a check box opt-in. What you do need, though, is clear wording saying they will only receive newsletters and nothing else.
- Data minimisation - Our favourite. Don’t ask for data you don’t need. So many sites ask for date of birth. It’s not necessary. Postal address is another: unless you are posting something, you don’t need it. A shorter form has a higher completion rate.
- Email Verification - Don’t allow yourself to be vulnerable to unscrupulous individuals signing up other people to give you a bad reputation. Email verification removes the chance that fake sign-ups could happen. If an issue arises in the future, know that ASP stores information about the confirmation click to verify compliance.
EU GDPR Compliance Document
Download this for your ASP compliance info. We are secure, hold data in Europe and are ensuring we comply with individuals’ rights. You should ensure all your data processors are compliant if you collect information on EU citizens.
Updated Cookie and Privacy Policies
New Data Protection and GDPR clauses have been written and added to our Terms and Conditions. Click here to view the additions in relation to GDPR.