At ProspectSoft, we’re keenly aware that organisations that process personal data of people in the EU need to be sure their service providers are compliant with the General Data Protection Regulation (GDPR) - that's why we are committed to ensuring our business is GDPR-compliant. Data privacy is an important human right, and in this data-driven world, more than ever, data protection is something that all companies should be paying close attention to. As well as ensuring GDPR compliance, ProspectSoft already has in place extensive data security measures that meet industry standards including ISO 27001.
Several months before GDPR became enforceable, we established a GDPR project to identify what action needed to be taken. As you would expect, ProspectSoft already complies with UK Data Protection laws, but we recognised the need to enhance some components to meet requirements of GDPR. Through this process we identified and evaluated all our systems that stored and processed personal data, including customer and employee personal data. This sounds simple, but it was a considerable undertaking for a business that has been operating for over 20 years with numerous systems in use to deliver a wide range of services. You can find out more about what we have been doing on our "GDPR Timeline".
Here at ProspectSoft, we also take our legal responsibilities and duty of care to you as a customer very seriously. In light of GDPR, we revised and implemented policies to ensure we will fulfill our obligations as a processor of customer data under the EU's General Data Protection Regulation (GDPR) when it became enforceable on 25th May 2018, as well as clarified how you as a data controller have a responsibility to protect the information that you enter into our software platforms. We also have a document containing a detailed list of questions and answers which can be used to complete your supplier due diligence for ProspectSoft - you can find this here.
You can find out more about your use of our software platforms with regards to GDPR by visiting the relevant Version 6 GDPR page or Prospect GDPR page.
We continue to run internal GDPR training courses to raise awareness among ProspectSoft staff about the impact of the legislation on our business. Our staff, as part of their employment induction, read and accept our Data Protection Policy to ensure a consistent level of understanding of data privacy and protection across ProspectSoft's business. All employees are also required to undertake a compulsory online Security Awareness Training course focusing on, amongst other subjects, email scams and phishing.
Ongoing monitoring and enforcement are vital, and our Data Protection Officer performs internal audits, reviews and simulations as part of our drive to ensure that we remain compliant with both the letter and the spirit of GDPR. This helps us to demonstrate compliance to the Information Commissioner and all our stakeholders.
Furthermore, ProspectSoft are ISO 9001 accredited too. You can read more about this certification here.
We are constantly improving our security programme to address the increasingly sophisticated threat landscape and reduce the likelihood of data breaches. We reviewed our existing documented procedure for our Data Breach Response Process, as well as our ISO 27001 Business Continuity and Emergency Response process. These processes will help us to comply with the notification obligations under GDPR.
If you have any questions regarding GDPR, please visit our FAQs page or chat with us now by clicking/tapping on the chat button.
At ProspectSoft, you can be reassured that your data is seriously secure - here's why. Learn more
Here's a link to a timeline of actions that we're working through, and when you can expect to see them released. Learn more
Read our full Terms & Policies here. Learn more