General Data Protection Regulation

Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA) which we comply with. Those rules will remain under GDPR and will form the core of our compliance with the new legislation.

We (TCRM Technology Ltd) comply with all applicable GDPR regulations as a data processor when they come into force on May 25, 2018.

As a data processor we do not under any circumstances sell or pass on your data to third parties, we are unaware of any of our customers engaged in this process either but clearly under GDPR that is the responsibility of the data the data controller.

Our Obligations

As a web host, we are committed to addressing EU data protection requirements applicable to us as a data processor. These include:

Data processing: Our ability to fulfil our commitments as part of article 28 of the Regulation as a data processor to our customers, is a part of our compliance with GDPR. You, the data controller, are using a third-party such as ourselves to process personal data. Because of this requirement, we have assessed our existing data protection policies and practices and updated them as appropriate. In addition, our Terms & Conditions of business now include and agreement that our customers as data controllers will adhere with the GDPR.

Data sharing: The data our customers store with ourselves is theirs, however for certain services such as domain registrations we will be guided by ICANN and Nominet rules & regulations

Customer’s Obligations

Understand GDPR: You should familiarise yourself with the provisions of the new regulation. Understand how the new regulations may differ from your current data protection obligations and consider any changes to working practices that may need to be implemented.

As a data controller you need to be prepared for the GDPR.

Audit the information you hold and the processes that capture such data: Review your current controls and processes to ensure that they’re adequate, and build a plan to address any gaps. Consider creating an updated and precise inventory of personal information that you control.

Stay informed: Keep up to date of regulatory guidance as it becomes available and consider consulting a legal expert to obtain guidance applicable to you. It is advised to take in the information provided on the Information Commissioner’s website, the UK representative within the EU working group.

What’s Next?

We will continue to monitor and make additional required operational changes resulting from the GDPR, and will keep our clients informed accordingly.