UK GDPR Security Policy

How we secure your data

We are committed to the UK Government's National Cyber Security Standards (the Information Commissioner’s Office (ICO), whose role it is to uphold the GDPR in the UK, recommends the use of this Security Standard). Our server providers – Amazon AWS – comply with a range of privacy standards and compliance certifications, such as ISO 27017 for cloud security, ISO 27701 for privacy information management, and ISO 27018 for cloud privacy.

  • Encryption: We use secure protocols for communicating and transferring data: data is encrypted in transit (e.g. HTTPS) and when it is at rest/stored (e.g. AES256). Recordings uploaded via our website are encrypted “in transit” via HTTPS (see here for external confirmation of our current HTTPS status) and “at rest” while stored on our Amazon AWS London-based servers, using Amazon AWS security and encryption.
  • UK Law and a UK-based server: Transcripts and transcript recordings (unless otherwise directed by you) will be hosted on our London-based server. Recordings are held on our London-based server and processed in the UK by UK transcribers, ensuring that UK data law and rights are in effect (see here for external confirmation of our server location and that it is Amazon-managed).
  • Deletion: Recordings and transcripts of those recordings will be deleted from our servers within 60 days of completion.
  • Firewalls: We use host-based firewalls on both computers and mobile phones and, where possible, on our Wi-Fi routers.
  • Password-based authentication: Our systems are password-protected, and when possible, we use 2-factor authentication (both a password and a code are needed for access).
  • User Access Control: User access to data is limited. Users can only see the specific data that they have been granted access to in order to perform their specific role in providing our services (e.g. an accounts person can access client invoicing information but not client recordings; typists can access the specific client recordings they are working on, but not client invoicing information, etc.).
  • Malware Protection (viruses, worms & spyware): Anti-malware software is deployed on computers and mobile phones.
  • Patch management: Software is licensed and supported. Software is removed from devices when no longer supported. Any security patches are applied within 14 days of an update being released.

If, despite the use of best practices, a data breach does occur, we will notify the appropriate authorities. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.