GDPR and Thesaurus Software
Data Protection has always been a concern for Thesaurus Software and we’ve always aimed to act with complete integrity in this regard. But like all companies in preparation for GDPR, we have had to complete a total review on how we gather, maintain and use data.
Firstly, Thesaurus Software Ltd. does not have access to your data files, except where they have been submitted for support reasons. We have no control over the authority, the quality or safety of the data input. You and you alone are responsible for the accuracy and completeness of your records. Whilst we have security measures in place to protect your data, it remains your responsibility to keep your sign in details secret, to sign off from the Thesaurus Software Ltd. product when you are not using it and to ensure there is no unauthorised access to your computer.
Key changes we have made
Some of the key changes that we’ve made that will affect our customers include;
- From time-to-time when assisting with an employer query, in order to fully resolve the query the only solution for us is to request a backup of our customer's file. Whilst we did have security protocols in place for this we felt that we could make them even more secure. We've created an in-program support feature that allows users to automatically send a backup of their payroll to us through a secure channel. The benefits being that customers don't have to upload the backup to their email where they may forget to delete, but mainly on our side; the backup is saved centrally on a secure server and then automatically deleted after one week. In our 2018 software, we are also including a new secure password recovery option. We have also worked on increased encryption of data files, just in case some hacker does manage to access your files.
- We regularly complete internal IT audits on every company PC, deleting any unnecessary data.
- We have looked at how information is sent to and retrieved from our secure servers, be it for the purposes of maintaining our website or our CRM system. We have now changed all of our servers over to more secure Microsoft Azure servers. We have also introduced IP white listing, meaning that knowing the login credentials is not enough, the request must come from a trusted location.
- We have introduced extra consent fields in different areas of the software / websites.
- Internally, we have held staff training and update sessions to ensure our staff are fully aware of GDPR legislation and how it impacts their role.
- If you are a Bright Contracts customer, we have updated the data protection policies within the software.