The Future Of UK Data Protection
Memset will be fully GDPR compliant by 25th May 2018, and to any UK-specific codes of conduct or related data protection legislation as it is published and comes into force under UK law.
This will include our technical and organisational security controls, customer and supplier contractual matters, internal processes, data flows and customer assurance activities. We will further assist our customers where possible to help them achieve their own GDPR compliance for systems operating on our infrastructure.
How Are We Becoming Compliant?
Memset has undertaken a full review of all current data protection processes and technical and operational controls underlying our compliance as a Data Controller and Data Processor. Significant investment is being made to ensure that we meet, and can assist our customers in meeting, the stringent new requirements within GDPR.
Memset has engaged an expert consultancy firm and legal advisors to bolster the skills and experience of our internal auditors, data protection specialists and technical security personnel.
Transparency And Certification
Memset will seek certification to an appropriate standard or GDPR-specific certification programme as one becomes available as per Article 42 of the regulation.
In the interim, Memset has engaged with a third-party audit firm to conduct an independent review of our data protection stance with respect to GDPR, the report of which will be made available to customers and opportunities under NDA once completed.
How Can We Help You With GDPR?
We will shortly be releasing an additional Data Processing Addendum relating to all Memset services that will clearly identify our responsibilities, the responsibilities of the customer and where we can assist with them. This will be a plain language document that will include all necessary rights that must be provided to the customer under GDPR, aligned specifically to the services that we provide.
Where relevant, we will also be re-architecting our services in order to provide additional products, features and capabilities that customers may find useful in meeting GDPR requirements, particularly those related to Article 32 of the regulation (‘Security of processing’).
Memset will also make available a comprehensive Customer Assurance Pack to all customers and opportunities under NDA to provide maximum transparency of our services, our security and governance controls protecting these and steps customers can take to maximise the security and data privacy configuration of their services. We will provide extended audit rights to all customers as per GDPR requirements.