The General Data Protection Regulation (GDPR) is a strict privacy legislation with a global scope. Purdicom, Ltd. place the legislation and data protection of our Customers and Employees at the highest priority and wish to assure our customers that we are working hard to ensure compliance and adherence to the GDPR principles in all areas of our business.
This statement is to highlight to our customers the measures we have in place to ensure compliance with the GDPR where we hold, or process, personal data on their behalf.
Exceeding the requirements of the regulation, Purdicom has a designated Data Protection Officer (DPO) and Information Security Officer (ISO) who is taking full responsibility for all matters relating to data protection and GDPR compliance. Our DPO will ensure that we are both accountable and transparent to the Information Commissioner’s Office (ICO), as well as provide Data Protection training to staff employed by Purdicom as required by the Regulation.
Where the Purdicom role is that of a Data Processor, we will act on the documented instructions from the Controller or the requirements of the laws of the EU or national laws of member states and are in the process of reviewing existing agreements to ensure compliance. Where applicable, this includes cross-border data transfers and any potential use of sub-processors.
In line with the principles of the GDPR, we continually review and test our procedures to ensure the confidentiality, integrity, and availability of personal data that we store or process.
Purdicom maintains appropriate technical and organisational security measures to protect all personal data processed by us against the accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access.
All employees and Purdicom are provided with Data Protection and IT Security training.
The GDPR is a significant improvement of the Data Protection Act 1998. Purdicom have internally tested the rights of Data Subjects to ensure compliance.