At EasiPC, we take protecting our customers data very importantly. With the updated GDPR guidelines coming in to effect May 25th 2018, EasiPC have defined below our customer data protection policy:
EasiPC have taken measures to ensure that all business processes are in line with the regulation. Policies are in place to allow continued compliance moving forward. A process of due-diligence shall be implemented to ensure that suppliers and service providers that EasiPC work with are compliant with the regulation. EasiPC have appointed a Data Protection Officer (DPO) whose responsibilities include advising the organisation on how best to comply with the regulation on an ongoing basis.
Firstly, we do not hold any raw personal data from your organisation within EasiPC. Our wider team of engineers will ensure no data is removed from your organisation as specified in our internal Data Protection Policy which all staff adhere to. All internal business personal data is securely stored on a GDPR approved cloud platform which requires authentication and complex passwords to access. All internal business devices are fully encrypted and EasiPC ensure all staff do not save passwords within the web browser to access our cloud services.
EasiPC has provided extensive training for staff to ensure that they have an understanding of the regulation and how it impacts on the provision of services to customers. This will continue in the run up to the regulation fully coming into place on the 25th May 2018 and will form a part of the onboarding process for new staff thereafter. Training will aim to supplement the organisational values that are set out to protect data and reduce the chance of a data breach.
Our onsite technicians, as well as completing the training, have signed our internal data protection policy to ensure they do not remove any personal data from your school or store such data on their company devices. Any school device that is taken offsite to be repaired at EasiPC will need to be covered under the schools own GDPR policy and the device in question, where personal data is held directly on it will need to be encrypted prior to transit.
All of our data systems are held within GDPR compliant third-party cloud platforms. All staff business devices used outside of the office are encrypted and use a policy to ensure passwords are complex and changed regularly. We have taken the opportunity to include our third-party partners GDPR policies below for reference.