As a provider of cloud hosted unified communications services, we recognise and are committed to maintaining the highest standards of information security.
The scope of information security is broad and we believe we have taken a thorough approach with our commitment to ensuring the confidentiality, integrity and availability of customer, supplier and employee data.
Our team monitor current regulation, assess compliance and coordinate activities to ensure TelcoCloud continue to meet requirements.
The EU General Data Protection Regulation (GDPR) comes into legally enforceable effect on 25th May 2018 replacing the Data Protection Directive (DPD).
What is GDPR?
The European Union General Data Protection Regulation (GDPR) has been put into effect to ensure a consistent approach, where previously a Directive (Data Protection Directive) relied on interpretation and localised laws which conflicted across European countries.
The Regulation reflects a collaboration of the European Economic Area to provide a solution to application of data protection law and enhancing the rights of individuals in the first major overhaul for many years.
Each country will have a Supervisory Authority in place to regulate compliance and issue fines dependent on the impact to the rights and privacy of the individual/s affected. For the UK this is the Information Commissioners Office (ICO) and maximum penalties for breach of the GDPR can be very high.
What has changed?
Anybody responsible for controlling or processing an individual’s personal data will now be required to ensure there is a lawful reason for collection and processing, where relevant consent is secured and is made freely and easy to retract, only the necessary data required is retained and only for as long as it is required.
The sharing of individual’s data is also restricted with further explicit consent being required if using or wishing to share with other parties for any other purpose than it was originally collected for unless other lawful reasons for sharing the data apply, for example to investigate criminal activity or in the best interests of the data subject.
A person will now be able to easily access their personal data, make applications to correct, port, restrict or have it deleted under qualifying circumstances.
For full details on changes to data protection regulation please refer to the ICO website www.ico.org.uk
Your Legal Rights under GDPR
The right to be informed
Individuals have a right to understand when their personal data is being held and processed, even when this has been obtained indirectly.
The right of access
You can request access to your personal data at any time to be aware of and verify the lawfulness of the processing, this is via a Subject Access Request (see below).
The right to rectification
Personal data can be easily rectified if inaccurate, incomplete or out of date. This can be done by updating your control panel (insert link) or by written request (please see below for information)
The right to erasure
Under qualifying criteria, you can request your data to be deleted where there is no lawful reason for its continued processing. Please refer to the GDPR regulation or ico.org.uk for full details.
The right to restrict processing
Under qualifying criteria, you can request the processing of your data to be restricted. This means your data will still be held but not processed and may apply where information is inaccurate or if there is an objection over the lawfulness of the processing. Please refer to the GDPR regulation or ico.org.uk for full details. Please send your request in writing as per the below instructions.
Where data is restricted, TelcoCloud shall, where possible, also inform any involved 3rd parties of the restriction.
The right to data portability
Individuals can request personal data to be provided in order to reuse elsewhere and/or moved from one IT environment to another in a secure manner without hindrance. Please send your request in writing as per the below instructions.
The right to object
Where processing of your data is taking place under certain purposes and no legitimate reason exists for this, you have the right to object. Please send your request in writing as per the below instructions.
Rights in relation to automated decision making and profiling
Automated decision making, and profiling can only take place where consent or a lawful reason apply. Processors are also required to notify individuals when their data is processed by automated means and provide information about the processing and lawful reason for doing so. It should be straightforward for an individual to challenge or request intervention.
Accessing my Data – Subject Access Request
If you wish to make a request to access the personal data we hold, you must provide the following:
Application in writing – You will need to make a request in writing via email using on our contact page.
Proof of identity – You will need to provide proof of identity as part of your application. Please provide contact telephone numbers as identity is confirmed via a callback and DPA verification from a member of our team for data protection purposes
What to include in your application – please state the specific data you wish to access
If you wish to apply to restrict, rectify, port, object or request erasure of your data, please submit your request in writing as above also including the qualifying circumstances that apply.
Please note in order to validate your request our staff must verify your identity for data protection purposes and where relevant, confirm the qualifying criteria.
Following verification TelcoCloud will provide the information and lawful basis for processing your data within one month of receipt. This will be in a format that is concise and intelligible and will cost £10.