privacy and data
We consider that there are clear engagements of human hights law, GDPR, and the Data Protection Act running across our field of operation and in every case we work with our clients to ensure they have in place all the relevant policy – including a data protection impact assessment (DPIA) and an appropriate data processing agreement contained within our contract documentation.
We take data security very seriously, with particular regard to the hostile environment of ongoing cyber attacks and data breaches. We deploy layered security arrangements across our systems, from two-factor encryption and SAML log in, to 128-bit base-64 encryption of all databases. All of our systems also contain secure audit logs, capturing all user actions.
We also deploy hybrid cloud systems, separating server modules into off-line and on-line segments, each of which is held securely away from a secrets service protected client-side GUI. In a worst case scenario, by having the data drives on site we are able to pull them from a physical machine and secure them from exploitation.