GRC ONE™ and your data

On May 25, 2018, a new landmark privacy law called the General Data Protection Regulation (GDPR) came into effect in the European Union (EU). The GDPR expands the privacy rights granted to EU individuals, and it places many new obligations on organisations that market to, track or handle EU personal data, no matter where an organisation is located. GRC ONE Ltd is here to help our customers in their efforts to comply with the GDPR through our robust privacy and security protections.

What we at GRC ONE are doing

GRC ONE Ltd welcomes the GDPR as an important step forward in streamlining data protection requirements across the EU and as an opportunity for GRC ONE to deepen our commitment to data protection. Compliance with the GDPR requires a partnership between GRC ONE Ltd and our customers in their use of our services. We have closely analysed the requirements of the GDPR and believe our products and services are already fully compliant with GDPR if used in the way they are marketed to our customers. However, we are working to make enhancements to our contracts, and to our documentation to help support our customers’ compliance with the GDPR regulations.

Data protection is a perpetual process, changing as the nature of our customers data and their use of our systems evolves. GRC ONE™ will continue to fully comply with both the wording and intent of the GDPR in the delivery of our products and services and help our customers to comply with their own GDPR responsibilities where it relates to GRC ONE™.

GRC ONE Ltd's commitment to protecting your data

At GRC ONE, trust is our number one value, nothing is more important than the success of our customers and the protection of our customers’ data. GRC ONE's robust privacy and security program meets the highest standards in the industry. We have consistently reinforced our commitment to protecting our customers’ through our actions over the last few years:

  • In Feb 2017 we implemented a security monitoring and protection dashboard, monitoring our software 24 hours a day, 365 days a year.

  • In Aug 2017 we upgraded our front end to remove the “remember me” option to remove perceived vulnerabilities

  • In Sep 2017 we enabled data encryption at rest within our infrastructure, securing your data to the highest security standards

  • In Nov 2017 we engaged a market leading CREST approved company to conduct a detailed penetration test to attempt to break our security layers and security protocols.

  • In Dec 2018 we self certified our compliance with the new GDPR regulations and registered our Data Protection Officer with the ICO