The EU General Data Protection Regulation (GDPR) is a significant piece of European legislation which came into force in 2018

It builds on existing data protection laws, strengthening the rights that EU individuals have over their personal data, and creating a single data protection approach across Europe.

Our GDPR preparation started in June 2017 and as part of this process we reviewed (and updated where necessary) all our internal processes, procedures, data systems and documentation to ensure that we are ready when GDPR came into force in May 2018. Our GDPR Principles are:

  • Data is processed fairly and lawfully
  • Data is processed only for specified and lawful purposes
  • Processed data is adequate, relevant and not excessive
  • Processed data is accurate and, where necessary, kept up to date
  • Data is not kept longer than necessary
  • Data is processed in accordance with an individual’s consent and rights
  • Data is kept secure
  • Data is not transferred to countries outside of the European Economic Area (‘EEA’) without adequate protection

Phoenix Software Limited is a BSI ISO 27001:2015 accredited company, Certificate ID: IS 620034 and Cyber Essentials, Certificate Number: 8923391468400875. This ensures we adhere to stringent processes for keeping our data and our customers’ data secure.

Phoenix Software Limited also processes personal data to comply with the eight principles of the UK Data Protection Act 1998.