General Data Protection Regulation (GDPR)
APT Solutions is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards. The company complies with applicable GDPR regulations, including as a data processor, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services. Our team of experienced developers, analysts, consultants and specialists will also help to support customers in meeting their obligations through the provision of expert services and value-adding solutions.
The company has three main areas of focus for GDPR overseen by an internal team:
- Building on existing security and business continuity management systems, to ensure our own compliance
- Product programmes to support compliance for users of our software applications including solutions to streamline the process and drive greater efficiency
- Provision of services and solutions which help customers to understand and prepare for GDPR, develop compliance plans and build a stronger platform for the future by taking control of their data
It is important to recognise that compliance is a shared responsibility and all organisations will need to adapt business processes and data management practices.
1. Compliance
APT Solutions has a robust internal structure and, in order to ensure compliance, continues to implement additional or augmented company-wide controls to meet GDPR requirements. Led by our Chief Operations Officer, updated information security policies and procedures build on existing management systems and the foundation of our policies and procedures. They are informed by gap analysis and data protection assessments, and supported by communication and training programmes.
Compliance has been supported by a review of existing contracts with data controllers, the use of sub-contractors and any data export arrangements.
APT’s Data Protection Officer will inform, advise and monitor compliance. The company continues to implement tools as appropriate that support these processes, provide necessary security and aid in the ongoing delivery of objectives.
As data processor, the company undertakes risk assessments to include more detailed consideration of the data types we hold and a data protection impact analysis of personal information stored and processed. Policies such as incident response plans and backup data retention will be reviewed and updated.
Where we hold financial data our retention policy is 7 years, which adheres to recommended best practice.
Our customer data is held securely at Rackspace, who are a trusted service partner. Their data security and privacy policies can be found at https://www.rackspace.com/en-gb/information/legal/privacycenter/customer-data-security-and-privacy
The APT Privacy Policy can be found at http://www.aptsolutions.net/about/privacy
2. APT Software Applications
APT’s broad range of software applications are used to provide efficient and high-quality services. As such the company is committed to providing technology solutions to support customers’ GDPR obligations, whether through standard features or added value solutions or toolkits.
All organisations should be confident, for example, that personal and transactional data can be located and anonymised or erased, in order to respond to requests to delete, rectify, transfer, access or restrict the processing of data.
APT will be releasing new Service Packs which ensure our systems continue to be GDPR compliant. Should any of those packs impact on your service, our account management team will be in touch with you.
Alongside the Service Packs we will be offering our clients enhancement options. Customers should contact their account manager for any further details.
3. Helping Customers Adapt to Change
The volume of data handled by organisations is growing and is captured, processed and stored on an increasing number of devices and networks. Requirements such as data protection impact assessments, active mitigation of risks and evidence of risk management measures will require organisations to develop a more disciplined approach to customer data, especially those with personal data spread across many locations and/or systems with varying levels of personal data quality and ownership. Furthermore, investing in the management of consent presents an opportunity to build trust and provide increasingly useful services.
APT’s team of experienced analysts and consultants can support customers in their journey to compliance and beyond, supported by our experts. These in-house experts bring deep expertise in information and data management as part of a complete capability to deliver a new generation of digital services from concept to implementation. Services offered include:
- Training workshops to help organisations to fully understand the GDPR
- Health checks, to assess how organisations are doing in relation to the GDPR, including identification of gaps, risks and formulation of roadmaps to achieve compliance now and in the future
- Provision of contracted Data Protection Officer services
If you need support on GDPR please feel free to contact us by emailing sales@aptsolutions.net