D G Heath and the General Data Protection Regulation (GDPR)
Background
The General Data Protection Regulation (GDPR) proposed by the European Commission is designed to strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU. GDPR comes into effect on 25th May 2018.
The primary objective of the GDPR is to give individuals back control of their personal data. Once GDPR takes effect it will harmonise previous and other data protection regulations throughout the EU.
The GDPR must be observed by any organisation with more than 250 employees and any business of any size if it is involved in regular processing of certain categories of personal data, including: health data, information on individuals’ racial or ethnic origin, political affiliations, religious beliefs, genetic and biometric data and sexual orientation.
D G Heath has existing processes to protect any records of aforesaid personal data it may acquire in the normal operation of its business.
D G Heath is embracing the regulations pertinent to its business operation.
D G Heath Products
To assist D G Heath customers to meet the new GDPR requirements, D G Heath are refining the process of call recording on certain products; specifically, how call recordings are stored and deleted.
In D G Heath’s Business Management suite, Vision, the following abilities are being added:
- Search for a Contact or Number - see all associated calls and recordings - delete all calls and recordings, or delete recordings
- This will have double delete confirmation i.e. “Are you sure?” pop up type.
- Search for a Contact or number - see all associated calls - delete the specific call(s) and recording(s) or recording(s) only
- This will have double delete confirmation i.e. ‘Are you sure?’
- Add an Audit trail stating deletion type.
D G Heath strongly advises that best practice, as specified in the document ‘System Passwords – Security Advice Note’ should always be followed.
D G Heath Cloud Services
D G Heath provides a range of virtualised servers, onto which resellers can load DGHeath voice platforms and applications, in a private cloud environment. Small, medium and large virtual servers are backed-up using a 3-day rolling snapshot process. In the event of a critical server failure, the latest back-up will be loaded on a new virtual server. Micro (container based) servers are backed-up daily and the same process is applied.
The level of network/connectivity resilience required for each implementation is specified by the end-user/reseller requirement and/or budget.
Wide Area access to the servers is through Trusted IP Addresses specified by the end-user/reseller at the time of order for:
- End User Access/Connectivity
- Reseller System Access/Configuration/Maintenance
- SIP Trunk Endpoint Termination
D G Heath servers are initially accessed through the vMAP interface for the installation and configuration of D G Heath voice platforms and applications: SoftPBX (SelectVoice and S8000), Vision Business Management and SSL Gateway. Usernames and passwords for specific areas of system access are all under the control of the reseller during the initial configuration process. This includes various levels of end-user access to D G Heath system management applications:
- Admin Portal
- Manager Assist
- Select Voice/S8000 System Manager
- Vision Administration Portal
There are three data types stored on the D G Heath servers:
- System Configuration
- Call Logging
- Call Recording
Call Recordings are stored using AES-256 encryption as standard. System Configuration and Call Logging data is not encrypted.
Data retention applies to the areas of Call Logging data and Call Recordings. Automatic (and manual) back-up and/or deletion of both are under the control of the end-user/reseller via the Vision Administration Portal.
All data is stored in the UK.