Inovix and General Data Protection Regulation
The deployment of effective, relevant information security and data protection controls is fundamental to Inovix Network Solutions Ltd’s market proposition as a provider of Managed IT Services. Inovix is committed to securing and protecting the personal data in its custody.
The General Data Protection Regulation (GDPR) comes into force on the 25th May 2018, at which point it will supersede the current Data Protection Act 1998 (DPA).
While GDPR is a complex piece of legislation, it is important to remember that it builds upon the requirements defined within the DPA, which already provides a substantial body of law around the security and protection of personal data.
Inovix Network Solutions Ltd already complies with the DPA. Inovix’s own GDPR programme has been structured to critically assess the existing information security and data protection controls against the more prescriptive requirements of GDPR. Where necessary, the existing controls within Inovix’s Information Management System (IMS) have been updated.
What Personal Data is Inovix collecting and how is it processed?
As a Data Controller, our collection of personal data is limited to only data necessary for the purpose of supporting an effective business relationship with our direct customers. Customer name and contact details are collected, together with other business data, such as, business address, business contact and payment details.
As a Data Processor, the collection of personal data, provided by the customer or authorised user within the end-user’s organisation, is limited to the User ID, business address, landline contact and where appropriate mobile contact for the purpose of facilitating the consumption of the selected Inovix service.
Inovix Network Solutions Ltd does not collect any special category of personal data.
Inovix Network Solutions Ltd will only process personal data where:
- processing is necessary for the performance of an agreement to which the data subject is party or in order to take steps at the request of the data subject prior to entering into an agreement; or
- processing is necessary for compliance with a legal obligation to which Inovix is subject, or
- where the data subject has given consent to the processing of their data for one or more specific purposes
Inovix’s relationship with third parties.
Inovix’s Customer Agreement documents have been updated to incorporate the required GDPR clauses.
Inovix has also updated its contractual terms, in line with GDPR, with the suppliers and partners that process personal data in support the Inovix internal business processes. As above, the revised contractual terms ensure the obligations to secure and protect personal data and the need to support the Data Subject in exercising their fundamental rights is recognised by our suppliers.
Inovix Network Solutions Ltd’s technical and organisational controls.
Inovix Network Solutions Ltd’s IT architectural model is based upon industry standard equipment and operating system software, deployed across two geographically separated datacentres. A highly resilient network, sourced from two suppliers, provides connectivity to the Internet allowing services to be delivered.
The hardware infrastructure supporting the delivery of the Inovix services is configured with the required level of resilience to meet the committed service availability levels, with a level of redundancy built into the individual hardware components.
All servers are subject to a regular schedule of vulnerability scans and subject to a formal Patch Management Policy. All servers are visible to, and managed through, a well-established availability and performance monitoring regime. Logging and audit information is captured for critical resources.
Project Management within Inovix has been enhanced to embrace the ‘Privacy by Design and by Default’ philosophy embodied in GDPR.
As noted earlier, effective information security and data protection controls is fundamental to Inovix’s market proposition as a provider of Managed IT Services. Inovix is committed to securing and protecting the personal data in its custody.
Building on an existing, comprehensive base, the GDPR Programme has further strengthened Inovix’s information security and data privacy controls.
Inovix Network Solutions Ltd is committed to its obligations under GDPR, both in its role as Data Controller and as a Data Processor.