Compliance by Design

Compliant processing of offender data

Processing personal data – tightly regulated by important data protection law – is at the heart of Disc. Compliance with the law must be the single most important priority for any Disc user – as it is for us as providers of the Disc system. That’s why, from the outset, Disc has been developed to be ‘compliant by design’.

Disc is delivered from our Cloud-hosted secure server environment which is protected behind the scenes in line with our independently certified ISO27001:2013 security standard. NCSC Cloud Security Principles, robust data back-up and disaster recovery procedures and other state-of-the-art automated processes ensure constant availability.

Ongoing independent third-party assessment provides the technical assurance that customers should demand, including certification to PCI standards, certification to Cyber Essentials standards for end-point security and annual independent penetration testing.

Disc, the Data Protection Act and the General Data Protection Regulation

From the very first, Disc has been designed to ensure ‘compliance by design’, aligning directly with the concept of ‘data protection by design and default’ made explicit – and mandatory – in the UK’s Data Protection Act 2018 which incorporates the General Data Protection Regulation.

Disc administrators and users access information in their Disc ‘secure environment’ quickly and with ease. Few may be aware of the security and data protection features which support every aspect of Disc.

Access controls, member certification, re-certification and monitoring, separation of roles, data encryption, password reset requirements, two-factor authentication, auto-logout, access audit trails: these and other features ensure that data in Disc is accessed only by individuals entitled to do so, and help identify any data breaches and those responsible if and when they occur.

Without users necessarily being aware of it, Disc supports every one of the seven Data Protection Principles in GDPR and provides a wealth of reporting tools to ensure that each system is maintained and managed in compliance with these Principles.

Compliance with GDPR is easy – if you know exactly what you have to do. That’s why we provide new Disc customers with consultancy on GDPR, detailing precisely what Data Controllers must do to comply with the law, and provide a full set of ‘model’ documents to each new administrator so that ensuring compliance is simple and quick to achieve.

As our customers’ ‘data processor’ as defined in GDPR, we not only work under our clear, comprehensive Data Processor Contract but also provide ongoing GDPR support and advice, including ‘refresher’ GDPR online webinars on demand.

Need a one-to-one discussion or demonstration?

We’re happy to schedule a one-off webinar/conference call – it’s efficient and easy to set up. If you need a visit, we’d be delighted to come to see you.