Security & Compliance (GDPR)
The General Data Protection Regulation comes into force on May 25, 2018. The Regulation protects an individual’s rights with regard to personal data and privacy of data linked to them. As an organisation that is based in Europe, Lanmark has already put into place security controls designed to help us comply with GDPR by following the guidance from the regulation itself and by aligning ourselves with internationally recognised security methodologies, frameworks, and standards. You can find our security and compliance section below.
Most standards and frameworks for information security have a focus on people, process and technology. Outside of information security the same standards have specific controls around physical security which relate to physical access to assets that have information stored on them, or that can be used to access the information itself.
Lanmark are ICO Registered: No. ZA350968
Q. Is Lanmark GDPR certified?
A. No organisation can be GDPR certified. GDPR isn’t a certification scheme, standard or framework that any organisation can certify against. GDPR is a regulation which, if in scope, organisations must comply with.
Q. How does Lanmark comply with GDPR?
A. Our customers choose to work with us because a fundamental pillar for the success of our business is our robust data privacy framework. It ensures compliance with current privacy and data protection laws and encourages a culture of best practice when it comes to handling data. At Lanmark we are currently compliant with the ePrivacy Directive (the Privacy and Electronic Communications (EC Directive) Regulations 2003, also known as PECR under English Law). While GDPR requires an additional layer of process and documentation surrounding data processing activities, because we have continuously invested in protecting customer data, our products and services are already GDPR compliant. Lanmark applies what we consider to be state of the art technology to secure the data that we hold on behalf of our customers. By further implementing detailed policies, procedures, and processes that are certified as compliant with the most rigorous industry accepted data security standards, we are fully committed to providing compliant, multi-jurisdictional, segregated and secure solutions for all our customers.
Our datacentre providers are also aligned with multiple well-known certification schemes such as ISO27001 and PCI-DSS. Lanmark is committed to adhering to these standards and applies robust technical, physical and cyber security controls.
Q. How does Lanmark carry out key technical aspects of GDPR, such as ‘privacy by design’ or data privacy impact assessments (DPIA)?
A. Lanmark carries out data privacy impact assessments on all aspects of its business, both internally and for products used by our customers. Lanmark applies privacy by design via governance processes such as architecture boards and as a key milestone at the beginning of every project.
Q. Can my solution or service from Lanmark be tailored for my organisation’s GDPR compliance needs?
A. Yes, Lanmark can tailor any bespoke service for our customers’ requirements and to meet GDPR. We have several cyber security offerings that can help our customers achieve a strong level of cyber security maturity, and with it, GDPR compliance.
LANMARK’S STANDARD AND GDPR COMPLIANT CLAUSES
The following link provides an extract of our standard data protection clause, which has been updated for GDPR and forms part of our standard terms and conditions of business for all Lanmark Limited customers.
Clients with specific personal data processing requirements outside of Lanmark’s standard hosted websites, hosted email, hosted applications or Epicbackup service may request a separate Data Processing agreement. The link below provides our standard data processing agreement for review.
DATACENTRE SECURITY CERTIFICATIONS FROM OUR PROVIDERS
ISO27001 is an internationally renowned standard viewed as a benchmark by most organisations and security professionals. The ISO27001 standard contains the core security controls that other standards use as a base. Lanmark’s datacentre providers hold ISO27001:2013 compliance at multiple locations.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard governed by the PCI Security Standards Council. The Council was founded by the major payment brands – American Express, Discover, Visa, JCB and MasterCard. Its goal is to develop and maintain common standards which encourage cardholder data security and to facilitate broad adoption of consistent data security measures across the industry.
Microsoft Gold Partner
Lanmark is a Microsoft Gold Partner for Cloud, demonstrating our best-in-class expertise of Microsoft’s key competencies. Only 1% of all Microsoft partners, worldwide, have achieved this outstanding degree of proficiency.