Data Processor GDPR Compliance Assurance Statement
Compliance Area Assurance Statement and supporting Document Reference
1) Processing to meet the requirements of the Regulation – See Appendix 1.
2) Restrictions on Sub-Contracting – No personal client information it transmitted to third parties.
3) Controller/ Processor contact – All Staff
4) Demonstrating compliance – TTSS will incorporate GDRP into standard SSAIB audits & recertification reviews.
5) Security – See Appendix 2.
6) Breach Notification – See Appendix 3.
7) Data Protection Officers Danny Botterell/Dave Caley
8) Transfers to third countries – Not Applicable. TTSS operates solely within the UK.
9) TTSS is registered with the ICO (Information Commissioner’s Office) registration reference ZA335597
TTSS have been updating our Data Processing methods to meet the requirements of the GDPR in order to continue to lawfully transfer personal data to our internal databases and permit TTSS to continue to lawfully receive and process that data;
• Updating our third-party vendor contracts to meet the requirements of the GDPR in order to permit us to continue to lawfully transfer EU personal data to those third parties and permit those third parties to continue to lawfully receive and process that data;
• Analysing all of our current products and services to determine whether any improvements or additions can be made to make them more efficient for those client’s subject to the GDPR;
In addition, we will be prepared to address any requests made by our customers related to their expanded individual rights under the GDPR:
• Right to be forgotten: You may terminate your account the TTSS at any time, in which case we will permanently delete your account and all data associated with it. Caveats will be in place to ensure that any data loss by the client will be their responsibility after the purge.
• Right to object: Our practices are currently compliant as we do not transmit customer data to any third parties for marketing or any other purpose.
• Right to rectification: Clients may contact TTSS at any time to access, correct, amend or delete information that we hold about you.
TTSS continually seeks to ensure the confidentiality, integrity and availability of the personal data we store or process. We maintain appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access. We demonstrate this by submitting to a SSAIB re-certification audit annually in March.
Under the GDPR, we must notify any data breach to the controller without undue delay. TTSS therefore has processes and procedures in place for identifying, reviewing and promptly reporting data breaches to the relevant controller.
We would provide the controller with:
• A description of the nature of the breach
• Contact details of the responsible data protection officer or any other contact person
• Likely consequences of the breach
• Proposed and imposed measures that were taken to limit harmful effects
We would stress again that we have comprehensive technical and organisational security measures in place to mitigate against a data breach.