GDPR and Information Security
Thrive welcomes the introduction of the General Data Protection Regulation (GDPR) on Friday 25th May 2018 and has been working on an implementation plan to ensure Thrive is compliant with the high demands of the new regulations.
Thrive-Online
Thrive have updated the relevant subscription service agreements as part of the GDPR preparation process:
THRIVE-ONLINE SUBSCRIPTION SERVICES AGREEMENTS
Thrive also have a separate TOL SECURITY STATEMENT that has been reviewed as part of the GDPR implementation.
Cyber Essentials
Thrive is certified for Cyber Essentials as part of the group certification of Supporting Education Group. This is recertified every year.
Control of processing
Thrive have carried out an exercise establishing a central register of all personal data held where Thrive are either the data controller or data processor, documenting the relevant details as required by the GDPR. Note that for Thrive-Online, Thrive is considered the Data Processor and the customer the Data Controller.
Policies and procedures
Thrive have performed an information audit to identify what personal data is held. Thrive have reviewed, are in the process of reviewing, or have produced new policies, procedures, contracts and agreements to address areas such as retention, security and data sharing and ensure compliance with the GDPR. These include, but are not limited to:
- Privacy Policy
- TOL Security Statement
- TOL Consent Form
- Security Policy
- Business Continuity Plan
- Subscription Agreements
- Thrive membership terms and conditions
- Retention Policy
Website
The Thrive website has been updated to ensure that where data is collected, the processing reasons for collecting this data are clearly stated as are the ways of unsubscribing. Clear information has been provided about cookies on the Thrive website.
Any questions?
Please contact breach@thriveapproach.com if you have any questions about Thrive and the GDPR.