A few weeks ago we sent out an email briefly detailing the General Data Protection Regulation (GDPR), which comes into force today (25 May 2018), as well as the steps being taken by SimplePay to ensure complete and timely compliance.
Privacy and security of clients’ data has always been our top priority, so the system was already built on the concept of “privacy by design”, as required by GDPR. This means we were largely compliant long before GDPR came into being. We have therefore only had to make minor tweaks to our already stringent internal and external privacy and security policies.
With that in mind, we’d like to give you a brief update on what we’ve been working on recently to meet our obligations as a Processor under the GDPR:
- Conducted a gap analysis of existing policies, as well as any updates to these policies that the gap analysis showed were required
- Designed and documented processes for data subject requests
- Appointed an EU Representative as required by Article 27
- Reviewed all third-party processors for compliance
- Reviewed all employment contracts for GDPR compliance
- Implemented GDPR readiness training for all staff
- Reviewed and updated processes and policies for incidents and data breaches
More detailed information about GDPR, and how it affects your SimplePay data, can be found on our GDPR page. Details of the process for requests by data subjects are also available on this page.
As always, we are more than happy to answer any queries or concerns you may have, so please get in touch.