The General Data Protection Regulation, or GDPR, is a code of conduct designed to unify data protection standards and protocols across the European Union.
The regulation was outlined by the European Parliament in 2016 with the intention of giving consumers greater control over their personal data, as well as cracking down on companies that fail to take adequate steps to protect the data they store from external hacking.
The GDPR became law across the EU on 25th May, 2018. From that date, organisations failing to comply with GDPR regulations can be fined up to €20 million or 4% of their global turnover.
GDPR covers everything from giving consumers the right to access and rectify the personal data that businesses hold on them, to tougher rules on reporting data breaches.
Any company obtaining, processing or storing EU citizens’ personal data — be it for the sale of goods and services or administrative reasons — is bound by the GDPR, regardless of whether the company itself is located outside of the European Union.
By providing you with access to our software and storing your employees’ data on our servers, RotaCloud is considered a ‘data processor’.
You as a RotaCloud customer, on the other hand, are the ‘data controller’ in this equation. Your staff, whose data you enter into RotaCloud, are the ‘data subjects’.
As such, we both have roles to play in order to comply with GDPR requirements.
As a data controller, you need to take steps to ensure you’re compliant with GDPR.
Only a legal professional can provide you with the kind of legal advice that will apply to your company or organisation regarding how the GDPR affects you, but there are some basic steps that all businesses need to take in order to be compliant:
As one such data processor, we want you to have all the information you need to be confident that RotaCloud is both trustworthy and fully GDPR compliant. Here’s what we’ve done at RotaCloud to keep your data safe.
Since its inception, RotaCloud’s core network has been powered by a number of services provided by Amazon Web Services (AWS), hosted in multiple availability zones within the London region. We also enforce HTTPS for all connections to our web servers and operate strict firewall policies on our core infrastructure, limiting access to various areas of our network.
All data stored is encrypted at rest using the industry-standard AES-256 algorithm. This protects against information leaking through physical access to the storage devices.
In addition, we have taken a number of steps to become fully GDPR compliant, including the enactment of the following internal policies:
As a data processor, we take data security very seriously. Customer peace of mind is paramount at RotaCloud, and we welcome any and all enquiries from current and future clients who have additional questions about our data protection policies, or who would like to know more about the steps we have taken to meet GDPR requirements. Please use our Contact Us page to send us an email or start a live chat with one of our customer support staff.
You can view, download and print a PDF copy of the General Data Protection Regulation here.