At ProspectSoft, we’re keenly aware that organisations that process personal data of people in the EU need to be sure their service providers are compliant with the General Data Protection Regulation (GDPR) - that's why we are committed to ensuring our business is GDPR-compliant by 25th May 2018, when GDPR becomes enforceable. Data privacy is an important human right, and in this data-driven world, more than ever, data protection is something that all companies should be paying close attention to. As well as ensuring GDPR compliance, ProspectSoft already has in place extensive data security measures that meet industry standards including ISO 27001.
Several months ago, we established a GDPR project to identify what action needed to be taken. As you would expect, ProspectSoft already complies with UK Data Protection laws, but we recognised the need to enhance some components to meet requirements of GDPR. Currently, we are identifying and evaluating all our systems that store and process personal data, including customer and employee personal data. This sounds simple, but it's a considerable undertaking for a business that has been operating for over 20 years with numerous systems in use to deliver a wide range of services. You can find out more about what we have been doing on our "GDPR Timeline".
Here at ProspectSoft, we also take our legal responsibilities and duty of care to you as a customer very seriously. For some time, we have been revising and implementing policies to ensure we will fulfill our obligations as a processor of customer data under the EU's General Data Protection Regulation (GDPR) when it becomes enforceable on 25th May 2018, as well as clarifying how you as a data controller have a responsibility to protect the information that you enter into our software platforms. We also have a document containing a detailed list of questions and answers which can be used to complete your supplier due diligence for ProspectSoft - you can find this here.
You can find out more about your use of our software platforms with regards to GDPR by visiting the relevant Version 6 GDPR page or Prospect GDPR page.
We are currently running internal GDPR training courses to raise awareness among ProspectSoft staff about the impact of the legislation on our business. Our staff, as part of their employment induction, read and accept our Data Protection Policy to ensure a consistent level of understanding of data privacy and protection across ProspectSoft's business. In addition, all employees will have to undertake a compulsory online Security Awareness Training course focusing on, amongst other subjects, email scams and phishing.
Ongoing monitoring and enforcement are vital, and our Data Protection Officer will perform internal audits, reviews and simulations as part of our drive to ensure that we remain compliant with both the letter and the spirit of GDPR. This helps us to demonstrate compliance to the Information Commissioner and all our stakeholders.
Furthermore, ProspectSoft are now ISO 9001 accredited too. You can read more about this certification here.
We are constantly improving our security programme to address the increasingly sophisticated threat landscape and reduce the likelihood of data breaches. In the first quarter of this year, we are reviewing our existing documented procedure for our Data Breach Response Process, as well as our ISO 27001 Business Continuity and Emergency Response process. These processes will help us to comply with the notification obligations under GDPR.
If you have any questions regarding GDPR, please visit our FAQs page or chat with us now by clicking/tapping on the chat button.
At ProspectSoft, you can be reassured that your data is seriously secure - here's why.
Here's a link to a timeline of actions that we're working through, and when you can expect to see them released.
Read our full Terms & Policies here.