On 25 May 2018, the General Data Protection Regulation (GDPR) became effective. The GDPR aims to protect the right to privacy of every EU resident, giving them a greater say over how their personal data is used. It also details how EU personal data laws are applied outside the EU. The GDPR, therefore, has important implications for how organisations handle confidential data.
McGowan Transcriptions has never used your data in the past. Now, we need to let you know that McGowan Transcriptions is classified under GDPR as a data controller and, whilst we have always complied rigorously with the Data Protection Act, we have taken every step to ensure that we are compliant with the new legislation.
McGowan Transcriptions is registered with the ICO and we honour our clients’ right to data privacy and protection in accordance with the guidance provided by the ICO. McGowan Transcriptions does not use its clients’ personal information beyond what is required for the functioning of its services.
McGowan Transcriptions has demonstrated its commitment to data privacy and protection by:
- Operating a secure connection to communicate between our website and browsers (https);
- Our transcribers have signed a full and comprehensive confidentiality agreement and have had their ID, nationality, and immigration verified and are security-checked;
- Each member of the transcription services team adheres to this level of security:
– 256-bit AES encryption
– FIPS 140-2
– US DoD (7 pass) standard
– Webroot anti-virus protection
- All members of our team work within Office 365 and no transcripts or recordings are stored locally;
- We use our bespoke system Global Lounge for all uploading and their daily security comprises:
– Third-party McAfee Secure scans
– AES 256-bit encryption with SSAE 16 certification.
- We are members of the MRS (Market Research Society) and abide by their code of conduct. You cannot become an affiliate member without being sponsored by a Market Research agency that is an existing member of the MRS and is prepared to vouch for your reputation in the industry.
How does McGowan Transcriptions comply with GDPR?
As a data controller, we understand our obligation to our clients and their personal data. We have thoroughly analysed the GDPR requirements and are working through several initiatives to ensure that we hold only the minimum information required to provide the contracted services to our clients, that we allow clients to manage the data that is held, and that we can easily provide access to the data and removal wherever possible.
Identifying personal data
We are undertaking a systematic review of the personal data that is being stored, managed, retained, collected, processed and disposed of across our various systems. Assessment of this data will review information flow, any data transfers, risk, and structural position in relation to lawfulness, purpose, minimisation, accuracy, consent, limitation, integrity and confidentiality, record keeping and accountability.
Providing visibility and transparency
The most important aspect of GDPR is how the collected data is used. As a data controller, we are committed to allowing clients to manage their personal data. Some of these details do filter through to McGowan Transcriptions’ backend systems, which are not publicly visible, for certain applications such as billing or support, but all this data can be retrieved or removed on request where appropriate. We only process data according to clients’ documented instructions.
Enhancing data integrity and security
McGowan Transcriptions has always taken the privacy and security of its clients’ data seriously. Following the GDPR data assessment, McGowan Transcriptions has also upgraded its Global Lounge platform to automate data removal after a period of inactivity. In accordance with our Terms and Conditions, clients agree to us processing their data. We do not use third parties (sub-processors) and all data is processed in-house. We do not process data belonging to data subjects.
Whilst we make every effort to protect data, in the event of a data security breach, we undertake to inform the ICO and our clients and to carry out data protection impact assessments.
Audits and Inspections
We are prepared to provide clients with all information required to show that the obligations of Article 28 have been met, and McGowan Transcriptions is prepared to allow for, and contribute to, audits and inspections requested by the client.
Portability and transferability of data
GDPR gives end users the right either to receive all the data provided and processed by the controller or transfer it to another controller depending on technical feasibility. With this new right in mind, we have been implementing new internal procedures and policies to improve the efficiency of the data exporting process.
Training and Awareness
McGowan Transcriptions regularly undertakes internal training for all members of the team on GDPR and its impact on the updated policies, procedures, and responsibilities.
Can we search our personal data on your systems?
Your personal data that you have provided to McGowan Transcriptions can be found in your online control panel in Global Lounge. If you have not logged in for a while, please contact us for a new login.
Can we delete our personal data from your systems?
By updating or closing your account, your personal data will be removed from McGowan Transcriptions’ systems. Any data that has filtered through to the back-end systems can also be requested to be deleted where applicable. Data can only be removed once payment has been received and after the first day of the month preceding your project completion.
Can we export our personal data from your systems?
On request, McGowan Transcriptions will be able to provide a full export of an individual’s personal data. Transcripts/recordings will only be available for 95 days after upload.
Do your standard contract terms include the new GDPR mandatory provisions?
The contract terms have been updated to include the new GDPR mandatory provisions.
Can you confirm our right to have personal data deleted or returned upon termination of contract at no extra cost?
Any personal data that is not legally required to be kept for longer periods will not be retained for more than 6 months and upon request can be deleted on termination of contract. Data can only be removed once payment has been received and after the first day of the month preceding your project completion.
What is your geographical location?
Egham, Surrey, UK.
What is the geographical location of your data systems?
GoDaddy – UK
Office 365 – London
Joe McGowan – CEO
19 May 2021