1. Executive Summary
The team at 121 Systems welcomes the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018. 121 Systems has always taken information security seriously including that of personal data regardless as to whether 121 Systems is considered a controller or processor.
Regarding the GDPR, 121 Systems has been working towards being fully compliant throughout 2017 and early 2018 to ensure that our clients can be confident that they are dealing with a fully GDPR compliant organisation.
121 Systems has assessed the GDPR and matched its activities against the regulations in five key areas.
121 Systems considered the regulation against 121 Systems as:
- A data controller of its employee data.
- A business that provides implementation services.
- A business that provides support services to its clients concerning 121 Systems provided solutions.
- A data processor of third-party data such as specific client own customer data where such data is required to facilitate support services provided by 121 Systems to a specific client.
- A business that develops software solutions.
121 Systems has some policies that are used to ensure GDPR compliance which can be released to a client should a detailed question in respect of compliance be raised.
121 Systems is currently registered with the Information Commissioner’s Office (ICO).
121 support services are provided from offices located in the United Kingdom.
Following a thorough assessment, 121 Systems has amended its operations and associated policies and procedures as necessary to comply with GDPR fully.
121 Systems continues to review all of its suppliers and prospective suppliers for compliance with the GDPR.
121 Systems is carrying out Privacy Impact Assessments as necessary.
The 121 Systems website has been updated so that anyone who accesses the site will have the assurance that they will be contacted, where a request has been raised to do so and treated by GDPR requirements.
The team at 121 Systems will continue to maintain and acquire accreditations that demonstrate its commitment to information security, including personal data.