General Data Protection Regulation (GDPR) Statement

Executive Summary

Byjama Limited welcomes the introduction of GDPR in May 2018.

The software solutions that are provided by our business are solely located in the UK utilising hosting facilities solely based in the UK.

Byjama has always taken all information security seriously including that of personal data regardless as to whether Byjama is considered a processor or controller.

In terms of the GDPR Byjama has been working towards being fully compliant throughout 2017 in order to ensure that Byjama customers can be certain that they are dealing with a fully compliant GDPR business and utilising GDPR compliant solutions. The work will conclude prior to the May 2018 date for introduction of the regulation.

Byjama will be providing documentation to all customers detailing how their solution and Byjama as an organisation are fully compliant with all aspects of GDPR.

Assessment

Byjama has reviewed the GDPR and matched its own activities and products against the regulation in four key areas. Byjama considered the regulation against the business as:

1: A data controller of its own employee data.
2: A data controller or processor of third party data such as activity relating to direct marketing.
3: A Software as a Service (SaaS) supplier.
4: A business that develops software.

A public document will be made available that details the policies and activities that Byjama employs matched to the clauses of the GDPR should any client have a detailed question in respect of compliance.

Byjama will also provide a document that details the features of the SaaS provision that means you can have confidence that the organisation and software you are working with are fully GDPR compliant.

Byjama developed applications remain hosted solely from UK data centres, where Byjama remains as the hosting provider.

Activity

Byjama is amending its activities and associated policies and procedures as necessary in order to fully comply with GDPR following a thorough assessment.

Byjama is amending its client and supplier contracts to ensure the GDPR reaches throughout the supply chain for the provision of its SaaS services and solutions.

Byjama is reviewing all of its suppliers and clients for compliance with GDPR paying very close attention to those involved in personal data gathering and marketing activities.

Byjama is carrying out Privacy Impact Assessments as necessary.

The Byjama website is being updated so that customers have the assurance that they will be contacted and treated in accordance with GDPR requirements.  The website will contain Byjama Limited’s privacy policies clearly identified.

The solutions Byjama has already provided are being fully reviewed and will be amended if required, under cooperation with any affected client. These amendments will include creating facilities for clients to service GDPR personal data requests, conduct GDPR data removal and data anonymising actions for a chosen individual.

Byjama remains committed to information security, especially regarding personal data where it is captured on behalf of our clients as part of our data processing obligations.