RotaCloud & The General Data Protection Regulation (GDPR)

How we comply with the GDPR

What is the GDPR?

The General Data Protection Regulation, or GDPR, is a code of conduct designed to unify data protection standards and protocols across the European Union.

The regulation was outlined by European Parliament in 2016 with the intention of giving consumers greater control over their personal data, as well as cracking down on companies that fail to take adequate steps to protect the data they store from external hacking.

The GDPR became law across the EU on 25th May, 2018. From that date, organisations failing to comply with GDPR regulations can be fined up to €20 million or 4% of their global turnover.

GDPR covers everything from giving consumers the right to access and rectify the personal data that businesses hold on them, to tougher rules on reporting data breaches.

Any company obtaining, processing or storing EU citizens’ personal data — be it for the sale of goods and services or administrative reasons — are bound by the GDPR, regardless of whether the company itself is located outside of the European Union.

How the GDPR affects RotaCloud customers

By providing you with access to our software and storing your employees’ data on our servers, RotaCloud is considered a ‘data processor’.

You as a RotaCloud customer, on the other hand, are the ‘data controller’ in this equation. Your staff, whose data you enter into RotaCloud, are the ‘data subjects’.

As such, we both have roles to play in order to comply with GDPR requirements.

Your responsibilities

As a data controller, you need to take steps to ensure you’re compliant with GDPR.

Only a legal professional can provide you with the kind of legal advice that will apply to your company or organisation regarding how the GDPR affects you, but there are some basic steps that all businesses need to take in order to be compliant:

  1. Create an inventory of all personal data that you control, such as customer information or employee details.
  2. Increase awareness and understanding of GDPR and data protection requirements at your organisation.
  3. Find out if you need to carry out a data protection impact assessment or appoint a data protection officer.
  4. Understand individuals’ strengthened data rights and how your business would respond to requests based on these rights.
  5. Ensure that all data processors you use adhere to the GDPR.

As one such data processor, we want you to have all the information you need to be confident that RotaCloud is both trustworthy and fully GDPR compliant. Here’s what we’ve done at RotaCloud to keep your data safe.

What we’ve done to be GDPR compliant

Since its inception, RotaCloud’s core network has been powered by a number of services provided by Amazon Web Services (AWS), hosted in multiple availability zones within the London region. We also enforce HTTPS for all connections to our web servers and operate strict firewall policies on our core infrastructure, limiting access to various areas of our network.

All data stored is encrypted at rest using the industry standard AES-256 algorithm. This protects against information leaking through physical access to the storage devices.

In addition, we have taken a number of steps to become fully GDPR compliant, including the enactment of the following internal policies:

  • Keeping a strict inventory of any data that we store.
  • Maintaining a flow chart of where we store our data and any third parties that use it.
  • Reviewing our IT security protocol to train RotaCloud employees so that they know what is required of them under the new data protection guidelines.
  • Reviewing our Rapid Response Protocol to ensure that our team know what to do in the unlikely event of a data breach.

We’ve also reviewed our Terms & Conditions and Privacy Policy to ensure that they are as transparent as possible and fully in line with GDPR guidelines, and published a Security Document that gives an overview of exactly how and where we store our data.

As a data processor, we take data security very seriously. Customer peace of mind is paramount at RotaCloud, and we welcome any and all enquiries from current and future clients who have additional questions about our data protection policies, or who would like to know more about the steps we have taken to meet GDPR requirements. Please use our Contact Us page to send us an email or start a live chat with one of our customer support staff.

You can view, download and print a PDF copy of the General Data Protection Regulation here.