The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU [1].
How does FireServiceRota comply with GDPR?
FireServiceRota is subject to and complies with the EU General Data Protection Regulation (GDPR).
By law, we are obliged to have multiple processes and checks in place to keep our users' data safe. Any personal data breach (e.g. accidental destruction, disclosure, loss, or tampering) must be reported by us, as data processor, to the affected customer (the data controller) without undue delay, and the controller must notify the supervisory authority within 72 hours of becoming aware of it.
In this article, we detail our vision, policies and concrete actions taken to safeguard privacy, security and data quality. For us, these topics are not just a matter of GDPR compliance: they are about protecting our customers, their trust in us, and ensuring the continuity of our company.
The following key elements of GDPR are addressed:
Data privacy
The data our customers and users provide is theirs. We use it only for their benefit and only for the purposes agreed. This starts with having a clear overview of which data we process, for which purpose, and in which system it is stored.
In more detail, the locations of our primary processing and storage systems are:
- Our web application is hosted in data centres within the EU.
- Backups are stored in an encrypted format on Amazon S3 servers within the EU.
When logging in, users are asked to read and accept our privacy policy. This document is GDPR-compliant, easy to read and explains how and why we use their data. We ask for explicit consent before collecting and handling particularly sensitive data such as GPS locations.
These permissions can be managed in detail and withdrawn just as easily as they are granted. It is the shared responsibility of the customer (Data Controller) and FireServiceRota (Data Processor) to have a Data Processing Agreement in place. FireServiceRota has this document available, tailored to the nature of the data we capture and the way we process it.
Where FireServiceRota is integrated with an HR system, we collect the minimum amount of information needed. All other data is managed by the user, giving them full visibility of their personal data and control to add or remove it, which also helps maintain a high level of data quality.
To support data portability we offer a standard set of tools including the downloading of contact information as a vCard and our library of secure machine-readable integrations.
Responsibility for privacy is carried at the highest level in our organisation. Our Managing Director is also the designated Data Protection Officer (DPO). He has the knowledge and mandate to create and enforce policies.
Our Data Breach Policy document is part of our Business Continuity plan. This policy describes:
- what is considered a personal data breach,
- when to file a formal report to the regulator and/or the customer,
- what information must be included in the report,
- how to assess the incident and introduce improvements.
The Business Continuity plan is the standard document everybody in the team falls back to in case of incidents. It lists all parties to communicate with, including the customer privacy or security manager, GovCertUK, the PSN team and the Information Commissioner’s Office.
Data security
As a Software-as-a-Service (SaaS) provider delivering our services over the internet, security is a major concern for us. A large number of security measures are in place and they are updated frequently.
- All information transferred between the user and our servers is encrypted in transit with TLS (HTTPS).
- Database backups are stored off-site in an encrypted format. They can only be decrypted by FireServiceRota personnel.
- Passwords are never stored in plain text. FireServiceRota staff never see, manage or request user passwords; users set and reset their own.
- We enforce a password policy including a minimum length requirement, we support Single Sign-On (SSO), and we lock out an account after 5 failed login attempts.
- Server administrators can only access our infrastructure using public/private key pairs, instead of more easily compromised username/password authentication. These keys can be revoked within minutes at any time in case of loss or contract termination.
- We use intrusion detection and prevention software at multiple levels, which bans traffic that exhibits malicious behavioural patterns, such as too many failed login attempts, port scans that search for weaknesses, or denial-of-service attacks.
- Software developers have access to customer data on a need-to-know basis. Their workstations use full-disk encryption, so any sensitive data on them is unreadable if a device is lost or stolen.
- We enforce two-factor authentication for all administrators. It can also be enabled for customer administrator accounts.
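The two controls in the list above that are easiest to get wrong are password storage and the lockout counter, so here is an added illustration of both. This is example code, not FireServiceRota's own, and the page does not describe their implementation. It assumes: passwords are stored as salted one-way hashes (PBKDF2-HMAC-SHA256 from the Python standard library, with an assumed iteration count), never in a reversible form, so no operator can retrieve them; the minimum length is an assumed 12 characters; the account locks after the fifth consecutive failure; and, since the page does not say how a lock is lifted, a self-service password reset is what clears it here.

```python
"""Added example: one-way password storage plus a five-attempt lockout.
Not FireServiceRota's code; parameters below are assumptions for illustration."""
import hashlib
import hmac
import os
from dataclasses import dataclass

MIN_PASSWORD_LENGTH = 12      # assumed; the page only says a minimum length is enforced
MAX_FAILED_ATTEMPTS = 5       # lockout threshold stated on the page
PBKDF2_ITERATIONS = 600_000   # assumed cost parameter (OWASP-level for PBKDF2-HMAC-SHA256)
HASH_ALGORITHM = "pbkdf2_sha256"


def enforce_password_policy(password: str) -> None:
    """Reject passwords shorter than the minimum; raises ValueError."""
    if len(password) < MIN_PASSWORD_LENGTH:
        raise ValueError(f"password must be at least {MIN_PASSWORD_LENGTH} characters")


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing salted one-way hash: 'pbkdf2_sha256$iters$salt$digest'.
    A fresh random salt per password means equal passwords get different hashes,
    and the password cannot be recovered from the stored string."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{HASH_ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and parameters, compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != HASH_ALGORITHM:
        raise ValueError("unsupported hash format")
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(recomputed, bytes.fromhex(digest_hex))


@dataclass
class Account:
    username: str
    password_hash: str
    failed_attempts: int = 0
    locked: bool = False

    @classmethod
    def create(cls, username: str, password: str, iterations: int = PBKDF2_ITERATIONS) -> "Account":
        enforce_password_policy(password)
        return cls(username, hash_password(password, iterations))

    def login(self, candidate: str) -> str:
        """Return 'ok', 'bad_password' or 'locked'.
        A locked account rejects every attempt, so guessing the right password
        while locked does not unlock it; only reset_password() does."""
        if self.locked:
            return "locked"
        if verify_password(self.password_hash, candidate):
            self.failed_attempts = 0          # counter resets on success
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked = True
            return "locked"
        return "bad_password"

    def reset_password(self, new_password: str, iterations: int = PBKDF2_ITERATIONS) -> None:
        """Self-service reset: the user chooses the new password, staff never see it.
        Clears the lockout (assumed recovery path, not stated on the page)."""
        enforce_password_policy(new_password)
        self.password_hash = hash_password(new_password, iterations)
        self.failed_attempts = 0
        self.locked = False


if __name__ == "__main__":
    # Constructed walk-through: five wrong guesses lock the account, a reset reopens it.
    acct = Account.create("firefighter-01", "correct horse battery staple")
    outcomes = [acct.login("wrong guess") for _ in range(5)]
    print(outcomes)                                    # 4 x 'bad_password', then 'locked'
    print(acct.login("correct horse battery staple"))  # 'locked': correct password does not help
    acct.reset_password("another long passphrase 42")
    print(acct.login("another long passphrase 42"))   # 'ok'
```

The stored string carries its own algorithm, iteration count and salt, so the cost parameter can be raised later without invalidating existing accounts: re-hash on the next successful login. Because the hash is one-way, "please tell me my password" is impossible by construction, which is what the policy above relies on.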
Data quality
Data quality is ensured with a number of procedural and technical measures in place:
- The option of a daily synchronisation with customers’ HR systems ensures there is a ‘single source of truth’.
- Users can review and amend their personal data.
- Data is validated at the moment of capture. Common examples are the format of email addresses and phone numbers.
Destruction of personal data
There are two points at which the destruction of personal data must be considered:
- A person ends their employment with the Fire and Rescue Service (F&RS).
- The customer ends the contract with FireServiceRota.
User account expiration
In the first case, we aim to protect the individual's privacy by removing as much personal data as possible. However, in order to ensure data integrity, we may need to retain some historical data, for example to run the final payroll export reports or to explain why certain crewing levels were (or were not) met in the past. The suggested procedure in this case is to remove all non-essential personal data such as addresses, phone numbers and messages. In all cases we suspend the user's account, blocking access to the data of the station they were a member of.
Expiration or cancellation of the FireServiceRota contract
In this case, we provide options to retrieve any data the F&RS wishes to keep. Using our suite of APIs, the customer can export data in a machine-readable format. All user accounts are suspended. Next, the customer may choose to have their data destroyed or obfuscated. Our database backups are retained for one month, so one month after destruction no backup still contains the destroyed customer data.
Conclusion
Although FireServiceRota processes sensitive personal data such as contact details, contractual information, detailed availability and GPS information, our customers can rest assured that we are committed to protecting their privacy and sensitive information, and to being transparent about how their data is used.
Data protection and privacy have our strategic focus at every level of our organisation, permeating virtually every business process from customer support and product development to data storage and system administration.
For more information, you can contact our helpdesk, where we will be happy to assist you with any questions you have.
References:
[1] What is GDPR, the EU's new data protection law? (2019, February 13). Retrieved November 27, 2019, from https://gdpr.eu/what-is-gdpr.