GDPR Compliance Statement 2018
This statement is made in accordance with The General Data Protection Regulation (GDPR) and sets out the steps that DataBunker Ltd has taken and is continuing to take to ensure our operations are compliant with the legislation.
DataBunker is a backup and DR Service provider. Based in the UK, we aim to provide friendly, professional levels of expertise and service. We can help you plan and implement a Backup & Disaster Recovery solution of any size. We can help whether you have a single server that needs backup through to mission critical physical or VMs. We offer our services via resellers and IT Managers.
DataBunker has in the region of 10 core suppliers within the information technology sector providing data centre services, software and hardware.
DataBunker acts as a data controller for the data collected for marketing purposes, Human Resources and customer information. We also act as a data processor for our customer base as we hold copies of their data for data recovery and disaster recovery purposes.
Policies and Processes
We operate a framework of internal policies and processes to ensure that we are conducting business in a lawful, secure and transparent manner.
- Information Security Management
DataBunker services are based in a UK secure data centre that is accredited to ISO 27001:2013 Information Security Management standard. All data resides on infrastructure owned by DataBunker running in a redundant secure configuration. Data is encrypted at source, in-flight and at rest with encryption keys know only to the data controller (which would be the customer and is not known to Databunker).
- Subject Access Request policy
This sets out our approach to recording, responding to and the timescales and governance around Subject Access Requests (SAR). Please note that the data we hold for our backup service is only accessible by via the encryption method, Databunker has no access to be able to read the data held on it’s systems.
- Contractual terms and conditions
All DataBunker contracts with customers, suppliers and resellers have been updated to reflect GDPR and ensure we can meet DataBunker’s obligations and help our customer’s meet their obligations under the legislation.
DataBunker conducts due diligence on all suppliers before doing business with them. This due diligence includes assessing their position relating to GDPR compliance. We have also reviewed our existing suppliers’ compliance.
We conduct training for our staff so that they understand the legislation and our business processes supporting compliance of the legislation.
Approval for this statement
This statement was approved by DataBunker’s Senior Management Team on 24th October 2018