Just like the larger cloud-based providers, we’ve been working hard to reinforce our policies, internal processes and data procedures in order to service our clients in the wake of GDPR.
It will hopefully be no surprise to management teams reading this blog that the GDPR deadline is looming (25th May 2018 for anyone not in the know!) – and preparations for the handling of personal data should be well underway in your respective organisations. GDPR is being designed to protect us all – the lowly consumer whose data has been too-long flung around in the depths of the internet. Handing a greater degree of control and authority to the consumer means processes and procedures need to be aligned, adjusted and made compliant in order to prepare for requests for data retrieval, amendment and deletion.
If you have no idea what I’m talking about, you may have at least have noticed a raft of emails from major online cloud platforms informing you of their updated privacy policies, and I am reliably informed that logging into the under-fire Facebook now you will be presented with a greater degree of security controls and confirmations. You should also receive emails confirming your decision to remain on mailing lists – ironically, creating a surge in mail-outs in the process.
Our customers are being asked questions by energy suppliers and end users regarding their data. And quite right too. Here are a few facts about our setup, to help you fill out those questionnaire forms:
Q: What personal data does the UtilityClick system store?
A: The platform is designed to store data relating to company data used for the tendering of utility contracts. Parts of the system allow our customers to upload data on contacts, just like any other CRM system. This means that personal data can be stored in pre-defined fields within the system, including the contact’s name, date of birth (for sole traders), job title, telephone numbers and email address. We do not hold fields in the system for the storing of banking information. It is possible for our customers to store such data in notes fields, but we do not recommend this, nor encourage it.
Q: How does UtilityClick use the data stored by their customers?
A: We only directly access personal data stored on our customers’ subscription accounts when necessary to resolve technical queries. However, we may be asked to process data – such as uploading contacts into the system.
Q: Is UtilityClick responsible for the data stored in their system?
A: We’re responsible for making sure data is as secure as possible, irrespective of its content. The responsibility for the correct use of this data is with our customers (including the permission to hold this data), and their own GDPR-compliant processes should be in place to respond to requests from contacts whose personal information they choose to store on the system.
Q: Where are your data centres located?
A: The systems used to store and process the data uploaded by our broker customers are hosted by Microsoft Azure, on their cloud-based network. As our customers are almost entirely UK-based, so too are the data centres we choose to use. Our web applications and database servers are active in two Azure regions: UK South (London) and UK West (Cardiff). We don’t use data centres in other countries.
Q: How is data protected?
A: We use industry standard technologies to protect data stored on the system, including firewalls, data encryption at-rest as well as encryption in-transit. We monitor SQL servers for suspicious activity and only allow access to our systems administration team and web applications. Our applications are protected by secure socket layer (SSL) encryption as standard.
I hope this helps, and if you have any queries, just get in touch with me direct!