At ProspectSoft, we’re keenly aware that organisations that process personal data of people in the EU need to be sure their service providers are compliant with the General Data Protection Regulation (GDPR) - that's why we are committed to ensuring our business is GDPR-compliant by 25th May 2018, when GDPR becomes enforceable. Data privacy is an important human right, and in this data-driven world, more than ever, data protection is something that all companies should be paying close attention to. As well as ensuring GDPR compliance, ProspectSoft already has in place extensive data security measures that meet industry standards including ISO 27001.
Several months ago, we established a GDPR project to identify what action needed to be taken. As you would expect, ProspectSoft already complies with UK Data Protection laws, but we recognised the need to enhance some components to meet requirements of GDPR. Currently, we are identifying and evaluating all our systems that store and process personal data, including customer and employee personal data. This sounds simple, but it's a considerable undertaking for a business that has been operating for over 20 years with numerous systems in use to deliver a wide range of services. You can find out more about what we have been doing on our "GDPR Timeline".
Here at ProspectSoft, we also take our legal responsibilities and duty of care to you as a customer very seriously. For some time, we have been revising and implementing policies to ensure we will fulfil our obligations as a processor of customer data under the EU's General Data Protection Regulation (GDPR) when it becomes enforceable on 25th May 2018, as well as clarifying how you as a data controller have a responsibility to protect the information that you enter into our software platforms. You can find out more about your use of our software platforms with regard to GDPR by visiting the relevant Version 6 GDPR page or Prospect 365 GDPR page.
We are currently running internal GDPR training courses to raise awareness among ProspectSoft staff about the impact of the legislation on our business. Our staff, as part of their employment induction, read and accept our Data Protection Policy to ensure a consistent level of understanding of data privacy and protection across ProspectSoft's business. Additionally, all employees will have to undertake a compulsory online Security Awareness Training course focusing on, amongst other subjects, email scams and phishing.
Ongoing monitoring and enforcement are vital, and our Data Protection Officer will perform internal audits, reviews and simulations as part of our drive to ensure that we remain compliant with both the letter and the spirit of GDPR. This helps us to demonstrate compliance to the Information Commissioner and all our stakeholders.
Furthermore, ProspectSoft is already in the process of ISO 9001 certification, which will help to ensure that the policies and processes that we have in place (across the business, not just for GDPR) are understood and followed.
We are constantly improving our security programme to address the increasingly sophisticated threat landscape and reduce the likelihood of data breaches. In the first quarter of this year, we are reviewing our existing documented procedure for our Data Breach Response Process, as well as our ISO 27001 Business Continuity and Emergency Response process. These processes will help us to comply with the notification obligations under GDPR.
If you have any questions regarding GDPR, please visit our FAQs page or chat with us now by clicking/tapping on the chat button.
At ProspectSoft, you can be reassured that your data is seriously secure - here's why.
ProspectSoft conforms to international standards and best practice to keep our data secure. Learn more about our ISO 27001 certification here.
Here's a link to a timeline of actions that we're working through, and when you can expect to see them released.
Read our full Terms & Conditions here.