GDPR and Bright Contracts
Data Protection has always been a concern for Bright Contracts and we’ve always aimed to act with complete integrity in this regard. But like all companies preparing for GDPR, we have had to complete a total review of how we gather, maintain and use data.
Data Files
Firstly, Bright Contracts does not have access to your data files, except where they have been submitted for support reasons. We have no control over the authority, the quality or safety of the data input. You and you alone are responsible for the accuracy and completeness of your records. Whilst we have security measures in place to protect your data, it remains your responsibility to keep your sign-in details secret, to sign off from Bright Contracts when you are not using it and to ensure there is no unauthorised access to your computer.
How we’re preparing
Some of the key changes that we’ve made that will affect our customers include:
- We will be updating the data protection policies within the software over the coming months.
- From time to time when assisting with an employee query, the only way for us to fully resolve the query is to request a backup of our customer's file. If you are required to send us a backup file, it is saved centrally in a secure location and then deleted after one week. The data you provide us will never be used for any purpose other than the reason it was provided. We have also worked on increased encryption of data files.
- We are currently finalising our privacy policies and these will be going live on our websites shortly. The new privacy policies make it clear to any individual whose data is processed by Bright Contracts how we use your data, who we share it with and how long we keep it for. We've really worked to keep the wording as plain and simple as possible.
- We are in the process of completing internal IT audits on every company PC, deleting any unnecessary data. Going forward our plan is to run these audits regularly, as it is a great way for us to keep track of all the data that we hold and ensure we are not retaining anything unnecessary.
- We have looked at how information is sent to and retrieved from our secure servers, be it for the purposes of maintaining our website or our CRM system. We have now changed all of our servers over to more secure Microsoft Azure servers. We have also introduced IP whitelisting, meaning that knowing the login credentials is not enough: the request must also come from a trusted location.
- We have introduced extra consent fields in different areas of the software / websites. Going forward, with the exception of essential software updates, customers will not be contacted unless they have specifically opted in. Of course we think that our newsletters and webinar invites are quite informative, so we would definitely recommend that you sign up.
- Internally, we will be holding staff training and update sessions to ensure our staff are fully aware of the new legislation and how it impacts their role.
- We undertake not to sell, trade, rent or share any personally identifiable information to others. This information and more is set out in our privacy policy, an updated version of which will be going live in the coming months.