StaySafe and GDPR
- What is GDPR?
- What is the purpose of GDPR?
- When does the Regulation come into effect?
- Will StaySafe be compliant with GDPR when it comes into effect? How will this affect me and my use of StaySafe?
- Are you independently audited?
- What personal data do you process?
- What do you do with the data StaySafe collects?
- Where is the data you collect processed?
- How long does StaySafe retain personal data for?
- Who has access to personal data?
- If the data subject asked to be supplied with the information about them that you hold, could you do this?
- Could you change the personal data you hold if it was incorrect or incomplete?
- Does StaySafe have an appointed GDPR representative I can contact regarding any additional queries I have?
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a new pan-European regulation, which comes into effect on 25 May, 2018, replacing the 1995 EU Data Protection Directive. On the same day, the UK’s Data Protection Bill will also pass into law, as the Data Protection Act 2018, effectively implementing the GDPR into UK law.
GDPR, and the Data Protection Act 2018, expand the privacy rights granted to data subjects (EU/EEA individuals) and place greater obligations on organisations who handle personal data of those individuals (data controllers and processors), wherever those organisations are based.
2. What is the purpose of GDPR?
The purpose of the GDPR and the UK’s Data Protection Bill is to provide a set of standardised data protection laws across EU member countries (and post-Brexit UK) which give EU and UK citizens greater control over their personal data. For example, they give you greater transparency into how your data is being used and ensure that the organisations you entrust with your data are taking care of it. The regulation comes at a time when more and more personal data is being generated by every individual as they use more services and technologies.
3. When does the Regulation come into effect?
25 May, 2018.
4. Will StaySafe be compliant with GDPR when it comes into effect? How will this affect me and my use of StaySafe?
StaySafe is continuing to work to ensure we are compliant with GDPR by May 2018. This work includes updating all our customer-facing materials and agreements. As we finalise these, we will proactively contact our customers to provide relevant updates. We will also be providing further updates via our website, and would invite you to keep an eye out for that information once it is available.
5. Are you independently audited?
Since 2015, StaySafe has been BS8484 certified, and is routinely audited by an independent third party to ensure compliance with the certification. Our staff are security screened and we have appropriate data protection policies for the personal data that we hold. We continually review and improve our security processes.
StaySafe also engages independent entities to conduct regular application-level and infrastructure-level penetration tests. Results of these tests are shared with StaySafe’s management. StaySafe’s development team reviews and prioritises the reported findings and tracks them to resolution.
6. What personal data do you process?
The personal data we use to provide StaySafe services includes: name, email address, and phone number of the StaySafe end-user (i.e. the lone worker being monitored by our solutions). During lone worker activity (which the end-user is in control of), or during active incidents, we also collect location data which may include: latitude, longitude, speed, course and altitude.
7. What do you do with the data StaySafe collects?
We process personal data in order to provide our customers with StaySafe’s services and to provide support. We do not provide personal data we hold to advertising agencies, or to other parties for other similar, unconnected purposes.
8. Where is the data you collect processed?
StaySafe relies on a number of component services and providers in order to deliver services to our customers.
All of our main processing (the processing of user and location data) is carried out on servers that are located in the European Economic Area (EEA). StaySafe uses carefully chosen suppliers and providers to perform other discrete tasks which may result in data being transferred outside of the EEA.
Whenever data is stored in those services, we ensure that the relevant data is protected to EU standards, by using a mechanism for the transfer that has been approved by the EU. For example, we enter into EU standard contractual clauses (or “model clauses”) with providers of those services in respect of the transfer of any personal data, unless there is another approved transfer mechanism present, such as the merchant being certified under the EU-US Privacy Shield framework, in which case, model clauses are not necessary.
9. How long does StaySafe retain personal data for?
We retain data for differing periods, based upon the relationship under which we obtained the data, the type of data subject (i.e. whose data it is), the type of data (e.g. email address) and the type of use (for example, is it being used to protect lone workers). Where appropriate, we agree these periods with our customers.
10. Who has access to personal data?
StaySafe’s personnel practices apply to all members of the StaySafe workforce (“workers”) – regular employees and independent contractors – who have direct access to StaySafe’s internal information systems (“systems”) and / or unescorted access to StaySafe’s office space.
All workers are required to understand and follow internal policies and standards, and undergo background security screening. Upon termination of work at StaySafe, all access to StaySafe’s systems is removed immediately.
11. If the data subject asked to be supplied with the information about them that you hold, could you do this?
Any such query should be shared with the ‘data controller’ of your personal data. This may be your employer or another organisation that has contracted with StaySafe to provide a lone worker solution. If you send through your query, we can direct you to the appropriate party.
12. Could you change the personal data you hold if it was incorrect or incomplete?
Where appropriate, StaySafe will be in a position to action such requests in time for when GDPR becomes effective.
13. Does StaySafe have an appointed GDPR representative I can contact regarding any additional queries I have?
Should you have any queries relating to StaySafe’s approach to processing personal data, please get in touch by email via firstname.lastname@example.org.