Step 1: CANDDi Data Audit
Our first step towards GDPR compliance was to perform a data audit to understand the different types of data held within the Company and where this data is located. As a template we started with the Direct Marketing Association's guide.
CANDDi holds (controls) five different "types" of data
We started by looking at the different types of data CANDDi holds, then identifying our Lawful Basis for holding and processing that data, where we store it and how we control it
We identified five different types of data
- Anonymous Website Visitor Data
- Prospect Data
- Client Data
- CANDDi Technology Generated Data
- Employee Data
1. Anonymous Website Visitor Data
Data description
CANDDi uses the CANDDi website tracking technology to track individual website visitors.
Lawful basis for processing
TODO
Data storage and retention
TODO
Data controls
TODO
Actions to be taken
None required
2. Prospect Data
Data description
CANDDi holds and processes data about potential prospects. Prospects are defined as individuals working for a corporate entity in a Sales, Marketing or Senior Management capacity.
This data has been built up by CANDDi over the duration of the company's life span. The majority of this data-set has been purchased from reputable data-brokers and is used and retained within the individual terms of the data licenses.
Lawful basis for processing
CANDDi is using this data for Direct Marketing purposes and has selected Legitimate Interests as our basis for processing this data. Our GDPR Legitimate Interests Assessment can be viewed here. In order to stay compliant with this Assessment we perform data-audits every six months which can be viewed here
In addition to GDPR, CANDDi is fully PECR compliant too. For the purposes of email marketing we limit our communications to individuals with a corporate email address, and we send to licensed data according to the wishes of the relevant data-broker.
Data storage and retention
The "raw" data is all stored in our Salesforce CRM database. When relevant this data is segmented (typically by sector / business size) and a sub-section is imported into our e-Shot email marketing platform. In addition this data may be found in the GMail archives of our sales-team, our outbound phone logs (and back-ups thereof) and within our CANDDi tracking database.
This data can be retained indefinitely, however it will be audited every 6 months to ensure continued validity and refreshed according to the license terms
We store a record of our client's
We keep a PECR compliant email marketing opt-out list within eShot
We regularly check this database against CTPS (Corporate Telephone Preference Service) and purge any blocked numbers / firms
We keep a GDPR compliant Right to be Forgotten list within Salesforce recording SARs and Rights to be Forgotten
Data controls
Access to our Salesforce Database and CANDDi database is restricted to Authorised members of Sales / Support staff
Access to our Email Marketing platform is restricted to specially trained Authorised members of our Marketing team
Actions to be taken
- Data Audit for March 2018 to be performed - any invalid data to be purged
- Data Processing Contract between CANDDi and Salesforce to be obtained
- Data Processing Contract between CANDDi and Forfront (eShot) to be obtained
3. Client Data
Data description
CANDDi holds and processes data about
Lawful basis for processing
We chose the following Lawful bases for processing this data: Contract, and Legitimate Interest
We retain details about our clients' businesses, contact information, contract information etc... in order that we can perform the Contracted service to them. We process this under the Contractual basis.
We retain details about our clients' engagement with our Support staff and usage of CANDDi. We process this data under the Legitimate Interests basis
NOTE: we also store large amounts of our clients' data within their CANDDi database. This data belongs to our client and CANDDi simply processes under their Contractual instructions
Data storage
The "raw" data is all stored in our Salesforce CRM database. When relevant this data is segmented (typically by sector / business size) and a sub-section is imported into our e-Shot email marketing platform. In addition this data may be found in the GMail archives of our sales-team, our outbound phone logs (and back-ups thereof) and within our CANDDi tracking database.
This data can be retained indefinitely, however it will be audited every 6 months to ensure continued validity and refreshed according to the license terms
We store financial information in the following systems: Xero (Invoice records), Braintree (Credit Card details), GoCardless (Direct Debit details), Barclays Bank (BACS details)
We use the following Salesforce, eShot, Delighted, Zendesk, CANDDi, Xero TODO HERE
Data controls
Access to our Salesforce Database and our CANDDi database is restricted to Authorised members of Sales / Support staff
Access to our Email Marketing platform is restricted to specially trained Authorised members of our Marketing team
Access to our Xero finance platform is restricted to specially trained Authorised members of our Finance team
Access to our clients' CANDDi database is restricted to specifically trained Authorised members of our Support team
Actions to be taken
- Data Audit for March 2018 to be performed - any invalid data to be purged
- Data Processing Contract between CANDDi and Salesforce to be obtained
- Data Processing Contract between CANDDi and Forfront (eShot) to be obtained
- Data Processing Contract between CANDDi and Xero to be obtained
- Data Processing Contract between CANDDi and Delighted to be obtained
- Data Processing Contract between CANDDi and Zendesk to be obtained
- Data Processing Contract between Clients and CANDDi to be created and published
4. CANDDi Technology Generated Data
Data description
In order to perform our service to our clients, CANDDi has constructed two comprehensive data sets
- IP Database - we have the best global IP database - linking static IP addresses to their corporate owners
- Email Database - we have a comprehensive database linking Email Addresses to publicly available social media information
The IP Database doesn't contain any information which uniquely identifies an individual (it tracks companies not individuals) - hence it's not within the scope of GDPR (Please note - we treat this data exactly the same as any other data with regard to security / privacy). The IP Database is refreshed every 30 days to ensure that the data is accurate and relevant.
The Email Database only contains data which is publicly available on Social Networks / the Internet. The ICO is clear that if "the individual has deliberately made the information public" then this data is acceptable for processing. The Email Database is refreshed every 60 days to ensure that the data is accurate and relevant.
Data storage
All this data is held in a MySQL database in the AWS EU-West-1 data centre (Ireland)
The data (and backups) are encrypted at rest
Data controls
Access to this data is either via internal API Gateways - which require an API key to access - or via direct MySQL database access
Access is restricted to Authorized employees in the development team
5. Employee Data
Data description
Employment records and Payroll records for current and previous employees.
- Address and Contact details for Employee and Emergency Contact
- Salary and Bank account details
- Performance reviews and disciplinary records
The data has been reviewed and there is NO Special Category data held in these records
We also hold historic data about unsuccessful job applicants.
- CV Data
- Write-ups about Interview Performance
* For current employee data we have a Contractual obligation to process and hold this data
* For historic employee data - TODO - see below - how long do we need to Contractually hold this etc...
* For unsuccessful job applications we have a Legitimate Interest to hold this data (and mostly this is information which the individual has made public themselves), however we have no need to hold this data for longer than necessary. Hence all records for unsuccessful applicants over 3 months old will be anonymised and/or purged. Note we will be continuing to hold anonymous applicant data for statistical purposes
Data storage
This data is held in the following places
* Xero [Accounts package]
* Tim Langley's (Founder) laptop [HR records]
* Google Drive records [Performance Review HR records]
* GMail [Email platform] - CVs etc...
* Paper records in Tim Langley's office
Data controls
* Only Authorized Staff members and Authorized Accounting Staff (Pomegranate Consulting) have access into Xero.
* All data held on Tim's computer is stored on an encrypted partition with strong password security
Actions to be taken
- All historic job applicant data over 3 months old to be anonymised / purged
- Employees to be educated about their rights (and responsibilities)
- Data processing agreement between CANDDi and Xero to be obtained
- Data processing agreement between CANDDi and Pomegranate Consulting to be obtained
- Advice to be sought regarding historic Employee data