GDPR

News | Apr 1, 2018

GDPR Compliance

PM Solutions are committed to the highest standards of information security, privacy and transparency in accordance with GDPR and ISO 27001:2013. As a data processor, PM Solutions will implement any additional controls within our Information Security Management System (ISMS) to ensure we comply with the GDPR regulations when it comes into force on 25 May 2018.

As a processor PM Solutions has already conducted reviews within the business, with consideration to the data types we hold and how data is protected.  We have assessed and documented our data structure  We have reviewed how we store and handle all data in a secure manner

Preparation for GDPR

PM Solutions:

  • Has documented what personal data we hold, where it came from and what we do with it
  • Has an appropriate and up to date Data Protection policy
  • Decision makers and key people in the business demonstrate support for data protection legislation and promote a positive culture of data protection compliance across the business
  • Manages information risks in a structured way so that management understands the business impact of personal data related risks
  • Has implemented appropriate technical and organisational measures to integrate data protection into our data processing activities
  • Provides Information Security awareness training to all staff
  • Has effective and robust processes to identify, report, manage, and resolve any personal data breaches
  • Has encryption in place for data ‘in transit’ or ‘at rest’
  • Policies in place for incident response, back up and data retention

Controls in place:

  • PM Solutions maintain own on-site FTP server enabling clients to securely transmit and receive data. Individual customer accounts are set up to facilitate these transmissions.
  • Data received is contained within our production systems and is accessible only to authorised IT and production staff for the sole purposes of processing the data for client mailings.
  • Security and error logs are enabled on all machines on our network.
  • User access is managed by named user identification, and authorised by the relevant manager.
  • User activity is performed using individual ‘Log-On’ (user names) and password control.
  • Server logs are checked on a sample basis every 2 weeks.
  • System administrator and operator activities are logged and protected against tampering and unauthorised access
  • Has created a new GDPR compliant Data Exchange Agreement

Other forms of security checks are also in place such as penetration testing, intrusion detection and internal audit. Data breaches are handled as per our Data Breach Management policy; clients will be notified immediately of any data breaches should they occur.

PM Solutions has a continual focus in preparing for GDPR and will be compliant with GDOR regulations before it comes into force in May 2018. PM Solutions is ISO27001:2013 accredited and work to a very high level of integrity.

Data Exchange Agreement (DEA) Over the next few weeks our sales team will be in contact with all our clients to retract the previous Data Exchange Agreements and provide you with our new GDPR compliant DEA.

26 March 2018