What is the General Data Protection Regulation? (GDPR)
The GDPR is a new regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union, aiming to give control back to citizens and residents over their personal data. The GDPR comes into effect from 25th May 2018. Taking data security and privacy seriously At Cloudsource Solutions, we take data security and privacy extremely seriously and believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights, as such we are committed to maintaining compliance with the GDPR. Under any compliance regime, it is easy to state compliance but much harder to prove. To this end, we have taken the decision to implement certain policies and procedures to ensure compliance. With these in place Cloudsource Solutions can ensure that the appropriate controls for the management of information are in place and that we are working to meet our legal and regulatory requirements, including those outlined in the GDPR.
Thank you for trusting us with your business and please be assured that we will always take the security and privacy of our client data very seriously.
- Simon Michaels – Chairman, Cloudsource Solutions
- Christine Hills – Chief Executive Officer, Cloudsource Solutions
- Rosanne Gordon – Managing Director, Cloudsource Solutions
- Rob Loveday – Operations Director, Cloudsource Solutions
Cloudsource Solutions is the trading name of Cloudsource Solutions Limited, a company registered in England under company number 09073813.
How do you ensure that personal data is handled appropriately?
Cloudsource Solutions operates and maintains Information Security procedures to control its information assets appropriately. We implement human, organisational and technological security controls to protect our information assets and that of our clients (including personal data) from unauthorised access, unwanted disclosure, modification, theft / loss, denial of service attacks, or any other threat.
Cloudsource Solutions has implemented and applies internal policies and procedures that support the protection of informational assets. Cloudsource Solutions uses cloud computing platforms with high availability and dependability. To achieve end-to-end security and end-to-end privacy all services used by Cloudsource Solutions are built in accordance with security best practices, privacy by design requirements and appropriate security controls.
How have you documented the Personal Data you hold?
Cloudsource Solutions has completed a full company wide information classification assessment, this allows us to understand the data in every part of our business (both our own data and that entrusted to us), the highest level of protection required for each of these data sets and how we can further implement controls to reduce the likelihood of an incident impacting these assets in the future.
How do you manage risks and incidents relating to information assets?
Cloudsource Solutions uses a formal information security risk management framework to identify and manage known or potential risks to the information assets within our business. Our internal policy and procedures look to reduce risk for each information asset held against the possible loss of confidentiality, integrity and availability and defines appropriate controls.
We operate a formal incident management process to identify, contain and recover from a security incident should one occur and uses this process to help prevent reoccurrence.
What training do your staff go through?
Cloudsource Solutions provides ongoing security awareness training for all staff and actively promotes the key principles of information security.
- Confidentiality
- Availability
- Integrity
What legal, regulatory and contractual requirements do you operate under?
Cloudsource Solutions complies with UK law guidelines, industry standards and best practice for information security. Cloudsource Solutions has policies and procedures in place based on industry and vendor best practices to protect the information assets it keeps for our customers, partners and our own information assets. The communications and operations management is planned for and deployed with regard to the security of Cloudsource Solutions information assets and the operations of the whole information processing environment. Our policy and procedures set standards for our information security controls, some examples being
- Clean Desk Policy
- Email Policy
- Internet Usage Policy
- Password Construction Policy
- Password Protection Policy
- Data Protection Statement
Where can I find your Privacy Notice?
For further information on how we process (collect, store, share and handle) your data is available in our company Privacy Notice.