Data Protection has always been a concern for Thesaurus Software and we’ve always aimed to act with complete integrity in this regard. But like all companies in preparation for GDPR, we have had to complete a total review on how we gather, maintain and use data.
Key changes we have made
Some of the key changes that we’ve made that will affect our customers include;
From time-to-time when assisting with an employer query, in order to fully resolve the query the only solution for us is to request a backup of our customer's file. Whilst we did have security protocols in place for this we felt that we could make them even more secure. We've created an in-program support feature that allows users to automatically send a backup of their payroll to us through a secure channel and in turn allows our support staff to return files securely to our customers. The benefits being that emails containing payroll files are no longer needed and also on our side, the backup is saved centrally on a secure server and then automatically deleted after one week. In our 2018 software, we are also including a new secure password recovery option. We have also worked on increased encryption of data files, just in case some hacker does manage to access your files.
For the most part however, Thesaurus Software Ltd. does not have access to your data files. We have no control over the authority, the quality or safety of the data input. You and you alone are responsible for the accuracy and completeness of your records. Whilst we have security measures in place to protect your data, it remains your responsibility to keep your sign in details secret, to sign off from the Thesaurus Software Ltd. product when you are not using it and to ensure there is no unauthorised access to your computer.
We have looked at how information is sent to and retrieved from our secure servers, be it for the purposes of maintaining our website or our CRM system. We have now changed all of our servers over to more secure Microsoft Azure servers. We have also introduced IP white listing, meaning that knowing the login credentials is not enough, the request must come from a trusted location.
Where we rely on consent as a lawful basis for processing personal data, we have introduced extra consent fields in the appropriate areas of the software / websites.
Internally, we have held staff training and update sessions to ensure our staff are fully aware of GDPR legislation and how it impacts their role.
If you are a Bright Contracts customer, we have updated the data protection policies within the software.
Need help? Support is available at 01 8352074 or firstname.lastname@example.org.