GDPR and QuoteXpress
We are pleased to announce that QuoteXpress has been audited to PASS status by an accredited GDPR practitioner and is nationally registered to the ICO as safe.
We are happy to display the pass badge associated with GDPR Fundamentals certification.
We have implemented a number of changes to our platform in order to assist our clients with the requirements of the new GDPR when it comes into force on May 25th.
Privacy Statement
In order to add personal information to QuoteXpress (whether by your team or by a client), a privacy statement will need to be accepted. You can either write your privacy statement directly into QuoteXpress or link out of QuoteXpress to a Privacy Statement hosted elsewhere (for example on your company website).
Data Retention
We have set up policies within our systems that mean that any personal information stored against quotes will be automatically removed after 90 days and just the record of the quote itself retained for MI purposes. For instructed matters, we will retain personal information for seven years. The time periods for both of these settings can be changed to meet the specific policies of your company upon request.
Data Protection Contact
We have added a new field under your company details where you can nominate a ‘Data Protection contact’ within your company and within the companies you works with. In the event of a data breach these contacts can be used to promptly notify the relevant parties of the breach.
Subject Access Requests
We can assist your firm if you need to retrieve any personal information on an individual as a result of a Subject Access Request. We are also going to be implementing a self service procedure for this.
Deletion
If you need to delete information on an individual entirely, then we are providing an option to do so.
If you have any questions about QuoteXpress and GDPR, please get in touch.
Photo by Paulius Dragunas on Unsplash