Alchemy announce GDPR statement

March 16th, 2018 - Posted in News

Alchemy Systems GDPR Statement

The General Data Protection Regulation (GDPR) which will be effective from May 25, 2018 is designed to protect the fundamental right to privacy for every EU resident. Simply put, EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU and as such is regulation affecting all members, and therefore does not require the UK to draw up new legislation and will apply automatically

Any organization that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data. Alchemy is enhancing its existing data protection policies and providing the right tools and processes to support its users and customers to meet GDPR mandates.

 

Alchemy Systems Commitment

At Alchemy, we have always protected our users’ right to data privacy and protection. As an IT company we treat data security as paramount. Over the years, we have demonstrated our commitment to data privacy and protection by meeting the industry standards for ISO 27001 in the Alchemy Systems International data centers, holding Cyber Essentials accreditation in Alchemy Systems, and have strong data processing and IT systems security systems in place. We are actively now revising them to meet the requirements of the GDPR.

 

How has Alchemy Systems prepared for GDPR?

We have thoroughly analyzed our responsibilities to meet the GDPR requirements and have put in place a dedicated internal team to drive us to meet them. Our ongoing initiatives we built upon –

  1. Appointing our DP (Data Processing) officer as project manager, as we are already on the current DP register we are in good shape and understand what is required to be compliant
  2. Identifying where data is captured and how it is stored, then working on what upgrades are required to be compliant
  3. Logging how we process all information and highlighting data that is affected by this legislation
  4. Improving data breach procedures to identity theft or a confidentiality breach.
  5. Planning a re-education program for all staff

 

When processing data we undertake checks and ensure the following:

  • The processing is lawful, fair and transparent
  • Transparent about what the data is being used for
  • Data is collected for a specific purpose
  • The data is necessary for the purpose
  • The data must be accurate and kept up to date
  • Data is not kept for longer than necessary
  • The data is kept safe and secure

 

We have a Data Protection Policy document distributed to all staff that underpins our responsibilities and process. This can be made available on request and after receipt of a signed NDA.