GDPR statement on how VoiceHost handles your data
The EU General Data Protection Regulation (“GDPR”) is European legislation that has been designed to try and harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the EU approach data privacy.
The GDPR comes into force on 25 May 2018 and introduces an enhanced EU-wide data protection regime that will have a direct effect on member states and any companies established outside the EU who wish to trade with and within the EU.
This Statement is intended to provide information relating to the steps that VoiceHost is taking to ensure compliance with the GDPR.
VoiceHost has been investigating our own systems, procedures, working practices and policies to ensure that internally we meet the requirements expected under GDPR. We have mapped data and information flows in order to assess their privacy risks.
VoiceHost is currently undergoing ISO27001 compliance audits so work is running in parallel.
The key sound bites to understand are that VoiceHost can be both the Data Controller and the Data Processor as defined below but in the context of our customers, we are considered the Data Processor.
Data Controller – where VoiceHost is the organisation responsible for determining the purposes and means of the processing of personal data; and/or
Data Processor – where VoiceHost processes personal data on behalf of our customers
Yes we have a DPO and their details can be found here:https://www.voicehost.co.uk/privacy-policy
Your data is stored in TIA-942 Tier 3, UK data centres operating to ISO27001, ISO9001 and PCI-DSS located in London and Manchester. All data is encrypted at rest.