The company conducted extensive Privacy Impact Assessments (PIAs) to audit its data stores and ensure there is a lawful reason for holding all data. The types of data processed by Union Street primarily include telephone numbers, address details, account details, partners’ customers’ details and payment details. Following these PIAs, Union Street introduced new procedures to deal with all types of personal data requests and to ensure data is retained only for as long as necessary.
Union Street confirmed that as an ISO/IEC 27001 certified company, it operates in accordance with the principle of least privilege. Access to information is restricted and allowed only to appropriately trained staff that require it as part of their job role. Union Street staff that process Personally Identifiable Information (PII) as part of their role, have signed confidentiality agreements and received training relating specifically to GDPR and data security.
In addition to operational changes, Union Street has made a series of security and privacy enhancements to its aBILLity™ billing software and other solutions that will assist its partners in their compliance with GDPR. Partners using legacy/discontinued product lines have been contacted and offered an upgrade path that will help them to comply with GDPR.
Managing Director, Tony Cook, commented. “We greatly appreciate the trust placed in us by our partners and take the secure management and protection of their information extremely seriously. As such, we strive to ensure that all regulatory, legal and ethical obligations for data protection are met. Moreover, we aim to be transparent about the ways in which we manage and protect information, privacy and security.
“When it comes to the development of our software, data privacy, security and accuracy are considered from the initial design phase. This way we ensure due consideration is given to the protection and security of data in any new products, or enhancements to products, we develop.”