GDPR Statement | Spearhead eLearning
Our Commitment to GDPR
the General Data Protection Regulation (GDPR) has been described as a “game changer for everyone” by the Information Commissioner’s Office. This new piece of EU data protection law represents a major shake up in the way we collect, process and store personal data. The legislation aims to standardise data protection law across the EU, giving individuals more control over how, when and by whom their data is processed.
Spearhead eLearning is committed to partnering with our customers to help prepare for GDPR. Here we will explain what we are doing to achieve GDPR compliance both internally and for our customers.
Preparing for GDPR: We have adopted a company wide approach to become GDPR ready and our working group has been preparing the business for the significant changes involved.
– Updating and amending our terms and conditions, customer agreements and privacy statements to bring them in line with the GDPR legislation.
– Ensuring that correct and appropriate contractual terms are in place with data processors which support the principles of GDPR including international data transfers.
– Updating our internal policies and practices to respond to GDPR requirements.
– Continuing to invest in our products, services and staff training.
We are working closely with our legal team and we are continuing to monitor the GDPR guidance, adapting our preparations accordingly
Security Standards and Certifications: Protecting our customer’s privacy and securely managing your data is a high priority for us. All our web properties use SSL (secure sockets layer) to encrypt data you transmit to us across the Internet. Our Development Team manages our servers and data transfer processes for the purposes of maintenance, support and development. Access to our servers is tightly controlled; only authorised company administrators employed directly by Spearhead eLearning are granted access. Staff training is an important ethos that we hold as a company. As such, we ensure all our staff have an up-to-date working knowledge of data protection law inclusive of GDPR legislation.
International Data Transfers: Data is stored with Amazon Web Services (AWS) and meets the EU-US Privacy Shield framework adopted by the European Commission. This complies with data protection requirements and GDPR legislation when transferring data outside of the EU.
Data Processors: To help us deliver the best possible service, we use a number of tools to process data. A data processor can be an organisation or third party provider who manages and processes personal data on behalf of a business. We are working with our providers to ensure compliance with the new legislation, including introducing data processing agreements where appropriate.
Stay Updated: We will be updating this page throughout the process with current information about our GDPR readiness and our commitment to protecting customer data. If you have any specific questions about our preparations, we hope that you contact us directly. We have also written a course which is designed to help you and your business prepare for the GDPR. For more details please see our GDPR Training Course.