GDPR (General Data Protection Regulation) is a privacy and security law that protects data on individuals collected by companies. Here at ID Card Centre, we handle a lot of sensitive information on a daily basis, so we take our role as a data controller very seriously. We want you to be satisfied that we’re doing everything we can to keep your data safe so you can have complete confidence in us.
Below, you’ll find all the things we have done to ensure we’re strictly adhering to the GDPR rules and regulations.
The steps we’ve taken to secure your data
- Appointed an internal contact to handle all GDPR requests. For more information on our GDPR policy, you can contact Nicola O’Brien via her email address, [email protected]
- Attended training and workshops to ensure our knowledge of GDPR is fully up to date
- Appointed a legal professional who is an expert in GDPR to ensure that all our policies, processes, and communications are GDPR compliant
- Completed a full audit of all suppliers, checking important details such as how and where they store data, and their individual GDPR security policies – we can confirm that we stopped working with all suppliers that didn’t pass the audit
- Reviewed internal data collection processes to ensure GDPR compliance
- Put additional processes in place to ensure the data subjects’ rights are easily met for things such as objecting to or restricting processing, accessing, rectifying or deleting data, and ensuring ID Card Centre can supply data reports when required
- Updated our website to contain clear information and to ask for consent where data is required
- Reviewed how long we retain data for, and changed processes – all data on printed ID cards will be deleted after 30 days, unless you ask us to delete it sooner
- Ensured data protection is a primary consideration in all existing and new processes
Account holders on the ID Card Centre website can also access a GDPR Tool by visiting their account. This allows you to view, change and delete the data we hold on you. You may also request a full data report, which will be emailed to you within a few hours.
Data protection when printing ID cards
A large part of ID Card Centre’s operation is plastic card printing, for staff ID cards and ICE tags to name a few. This, as you may realise, involves a lot of personal data, including names and photos.
It is during this process that we become a data processor and the customer becomes a data controller, and therefore our processes have been updated accordingly to help you remain compliant with GDPR regulations.
To help with compliance, we have:
- Given the customer the tools to securely transfer data (we don’t use email for this purpose)
- Ensured the data will not leave our UK-based premises
- Ensured that data can only be accessed by specific members of the team who have received full GDPR and information security training
- Secured our printing bureau so it can only be accessed by authorised personnel
- Created a storage facility where any sample cards, misprints and ribbons are locked away, before being sent for secure recycling
- Arranged for all data to be deleted 30 days after your order is dispatched, to give you plenty of time to check your order for any issues
Staff Training
All staff receive mandatory training on data protection and information security, and are specifically trained in spotting any potential data breaches and suspicious or fraudulent activity.
Privacy policy
ID Card Centre’s privacy policy details what we use your data for in a clear and transparent way. We hope this gives you confidence when dealing with our company.
Cookie policy
We now list all the cookies used on our website and state what they are used for, and also inform you how you can manage your settings. You can view ID Card Centre’s cookie policy for more information.
Information security
Along with ensuring we meet GDPR regulations, we also take information security extremely seriously. To ensure strict security, we have:
- Implemented cyber security strategies to protect the business, our customers, and any data
- Appointed an independent cyber security consultant to carry out internal and external vulnerability assessments (including a penetration test) – we’re happy to report that both internal and external assessment results were excellent
- Upgraded our firewall
- Gained a Cyber Essentials certification
Upon the advice of our independent cyber security consultant, we cannot name the security solutions we are using as the information is strictly confidential. It must remain for internal use only, and passing this information to third parties may create vulnerabilities. However, we can assure you that our cyber security measures go far beyond what is required by GDPR.
If you would like any copies of our policies or processes or want to find out more about data protection and cyber security measures, please email [email protected] and we’ll be happy to assist.