Core DataCloud GDPR Security Statement
Introduction and Overview
Core DataCloud is a UK-based managed service provider offering backup and disaster recovery services to its UK based customers.
We are audited annually by the BSI and are ISO 27001 accredited for managing information security and building resilience.
The data we store is defined and determined by the customer and is controlled by the customer.
All data is held in Tier 3 UK data centres and no data is transferred outside of the UK.
Core DataCloud acknowledges the responsibility it has towards the privacy and protection of its clients’ data and takes appropriate security measures to safeguard this data.
This Policy explains how Core DataCloud protects and manages any data, which may include personal data.
Core DataCloud implements the following technical measures to ensure the correct level of security is used to protect customer data and meet GDPR compliance:
- As part of Core DataCloud’s backup process, all data is automatically encrypted locally, in transit and at rest, wherever it resides. Decryption only occurs during the restore operation and is initiated using a unique customer defined encryption key.
- Core DataCloud does not have any control over customer data or access to it. All customer data, including the management of passwords, retention and security, is controlled by the customer.
- Backup frequency – Core DataCloud automatically backups customer data according to each customer’s specific requirements.
- Data retention – Core DataCloud retains customer data for the length of time specified by each individual customer to suit their business requirements. Retention policies are defined by the customer and Core DataCloud follows customer instructions regarding this.
- In the event of a physical or technical incident, Core DataCloud enables customers to restore data and resume working in a timely manner. The ability to restore a customer’s data is tested as part of Core DataCloud’s Disaster Recovery test, which is carried out in order to test, assess and ensure the security and validity of the data backup.
- Core DataCloud is ISO27001 certified and undergoes an annual audit with the BSI to challenge its IT processes and ensure that it complies with the GDPR.
- On termination of a service contract, Core DataCloud removes all data from its infrastructure and provides sufficient proof that this has been done.