Design and Management Systems
The new EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will impact every organisation which holds or processes personal data. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe. It will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties.
DMS are committed to high standards of information security, privacy and transparency and will comply with applicable GDPR regulations. Working alongside our customers, we will explore opportunities within our services to assist our customers to meet their own GDPR obligations.
All DMS portable devices that are taken offsite are encrypted with BitLocker, so the complete hard drive is encrypted and protected by a ‘key’. All ‘on-site’ devices use Remote Apps and so there is no data stored locally on them. The Remote Apps and the data that they access are encrypted and protected by an SSL Certificate.
All remote users use an RDS server that is encrypted through an SSL Certificate. We use Office 365 for email and Microsoft Azure for DR.
GDPR: The Microsoft Commitment
Microsoft is the first major cloud services provider to pledge GDPR compliance
‘We understand that GDPR compliance is a shared responsibility. That is why we are committed to be GDPR compliant across our cloud services when enforcement begins on May 25, 2018.’
‘We are also committed to share our experience complying with complex regulations to help you craft the best path forward for your organisation to meet the privacy requirements of the GDPR. With the most comprehensive set of compliance and security offerings of any cloud provider and a vast partner ecosystem, we are prepared to support your privacy and security initiatives now and in the future.’
DMS and Microsoft
DMS are a Microsoft Gold Partner and follow the recommendations of Microsoft, who have extensive expertise in protecting data, supporting privacy, and complying with complex regulations, and who currently comply with both EU-U.S. Privacy Shield and EU Model Clauses.
Microsoft are a data controller and a data processor under GDPR. A data controller ‘determines the purposes and means of the processing of personal data’ whereas a data processor ‘processes personal data on behalf of the controller’. As a data processor, Microsoft have already promised to share the details of their contractual commitments in accordance with GDPR and to adhere to all articles of the regulation by May 2018.
DMS promote the use of Microsoft Services and Tools to adhere to GDPR requirements including:
- Dynamics 365
- Office 365
- Intune and Enterprise Mobility and Security
- SQL Server and Azure SQL Database
- Windows 10 and Windows Server 2016
As well as following guidelines, we are assisting our customers in implementing these methods.
Data Protection Officer
DMS has designated a Data Protection Officer (DPO), who is taking full responsibility for all matters relating to data protection and GDPR compliance. The DPO will ensure that we are accountable and transparent to the supervisory authorities.
DMS have processes in place for identifying, reviewing and immediately reporting data breaches to our DPO, and would provide them with:
- An overview of the breach
- All relevant contact information
- Potential consequences of the data breach
- Suggested actions and measures taken to manage the situation
Design & Management Systems:
Sarah Hooper – Office Manager – 01322 420140