Toasted Digital's GDPR Commitments

On the 25th of May 2018, The EU General Data Protection Regulation comes in to play. Toasted Digital is commited to GDPR compliance across its services, and working on an update privacy policy covering data collection, storage, usage, sharing and deletion. 

Update 14th May 2018: We have published our updated privacy policy here

Our ongoing process

Toasted Digital are in the process of becoming GDPR compliant. As part of this, we are commited to:

• - Assigning a dedicated GDPR data protection officer
• - Gaining consent from all clients to continue using their data
• - Reviewing our third party supplier GDPR policies and ensuring the required consent is gained for continued use of these. As of publishing this document, the third party suppliers we use to store or process our client's data include: Google G Suite, Dropbox, Freeagent, GoCardless, FlyWheel and Basecamp.
• - A data retention schedule
• - A full audit and mapping of the data we currently hold on clients. This includes removal of all client data that exceeds our retention schedule. 
• - A review of our internal security, both software and hardware.
• - Training staff to understand what constitutes personal data. 
• - Updating our breach response policy
• - Reviewing the encryption of data we process. From ensuring the use of HTTPS online, to securing sharing data internally and with clients. 
• - Ensuring we have a process in place for clients to request deletion of their personal data from our systems. 
• - Registering with the ICO

If existing clients have any questions, they can get in touch with us by emailing [email protected]

Document last updated 10th May 2018.