GDPR defines a number of roles which determine responsibility and the guidelines for handling of personal data:
All Silver Innovation clients are responsible for their own adherence to GDPR. It is not the responsibility of Silver Innovation to enforce or implement any rules or changes for data controllers (i.e. our clients).
Silver Innovation, as data processors, shall provide sufficient technical and organisational practices that meet the GDPR guidelines for data processors. This is to ensure any handling of any data on our clients' behalf is confidential, secure and responsible. We may disclose data to service providers who render services to us or our clients, all of whom are contractually obliged to act only on our instructions and in accordance with applicable laws including GDPR.
The GDPR laws which have come into effect are globally impactful, being law in the UK and EU countries. Furthermore, other countries which serve UK and EU citizens are also required to adhere to the same guidelines.
As such, any website, application or software developed prior to GDPR coming into effect on 25th May 2018 may require further changes to ensure compliance with the guidelines, and how they specifically apply to each client.
These changes may be subject to additional investigation & development charges as advised by Silver Innovation on a case-by-case basis due to the diverse rules and nature of the website/application/software.
The extent of changes required will depend on several factors:
We advise the following:
GDPR includes several data subject rights which data controllers are obligated to respect.
In the first instance, it is the responsibility of the data controller to respond to all requests and fulfil where possible - via any content management system (CMS) or administration area.
As a service provider (data processor), Silver Innovation may be required to manually intervene to technically carry out certain tasks not available through the existing CMS/Administration. All manual requests will be carried out for free for clients who are covered by a support & maintenance agreement. Otherwise, requests will be chargeable at our standard agreed hourly rate.
The data subject rights that Silver Innovation can manually assist with are as follows:
Silver Innovation, as a data processor, retain backups for 3 months for the purpose of providing restoration of data in the event of a disaster recovery scenario. These backups are stored securely and accessible only via an encrypted platform.
Silver Innovation, as a data processor, will comply with the GDPR guidelines surrounding data breaches, such as notification of clients within 72 hours of a breach being detected. Further details can be found here.
Silver Innovation recommend all websites/applications are operated under a secure https:// connection to ensure encryption is in place to secure data in transit.
Specific data encryption is implemented on a case-by-case basis based on the level of sensitivity of the data and any specific requirements or instructions from clients (data controller).