The biggest shakeup of Data Protection Legislation comes into force on the 25th May 2018.
Timetastic Preparations for GDPR
Timetastic will be fully compliant by the time GDPR becomes enforceable in May 2018. We've already undertaken a review of the legislation and made some additional disclosures in our Privacy Policies and Data Security Information.
At present (March 2018) we are in the process of making some additional technical changes and collating the necessary documentation for compliance.
Your GDPR Assessments
We recognise that you too will be going through your GDPR implementation process and will have questions for data processors like ourselves.
In that regard, we'd encourage you to read about how we safeguard your data in our Data Security and Privacy articles in the legal section. These documents already cover the majority of GDPR-related questions.
A number of common questions have arisen in regard to GDPR which we'll try to answer here:
- Where is the data stored?
Data is stored in Microsoft's Azure cloud platform. At the time of writing, these are their UK South and UK West sites.
- Is data encrypted?
Yes. Data is transferred to Timetastic using HTTPS and stored at rest using Transparent Data Encryption.
- How do we delete data?
You can delete individual users and all their data from Timetastic within the app itself. You can also cancel and delete your entire account from the app. These delete functions are instant and not recoverable. Any data on backup will be deleted within 35 days.
- Which sub-processors do you use?
This is covered in more depth in the list of 3rd Party Apps we use here.
- Do you have a specific data processing agreement?
At present there is no specific agreement; our current aim is to include the required terms (as specified in Article 28 of the GDPR Act) in our standard terms and conditions.