Troncbox and GDPR

Troncbox’s commitment to security and data protection for GDPR From our executive team to our developers, everyone at Troncbox takes the security of our product and the protection of our customers’ and employees’ personal data very seriously. Our customers trust us with their data, and protecting that is crucial to running our business.

We’re actively working with our customers to fully understand their data processing and privacy needs. Additionally, we’re working with a specialist organisation to ensure that we’re ready for the changes brought in by GDPR.

We approach data protection from two different angles: internal processes and technical development. In short, we do everything we can to ensure we have the right people, processes and training in place to protect our customers’ data, while also ensuring our product is technically airtight.

Technical commitment

From a technical perspective, we go to great lengths to ensure that we protect our system from internal and external abuse with the controls laid out in this article. These controls play a big part in our GDPR compliance, while also helping our customers become GDPR compliant by ensuring the storage of employee data in Troncbox is up to GDPR standards. From a purely infrastructure perspective, we ensure the following: that the Troncbox system is protected from external attacks, that the data in the system is protected through encryption, and that we use data management processes to protect data from internal and external abuse. We have a third party carry out extensive penetration tests and a security audit on a regular basis.

Process commitment

All access to customer data is protected by roles and permissions within the Troncbox system. Troncbox employees can only access data on a need-to-know basis, and according to “the principle of least privilege,” which means Troncbox employees have the minimal level of access to data in order to do their job.

We require all our employees to complete data protection training, with an emphasis on how data protection relates to GDPR. Employees are routinely trained on new processes and procedures, and retrained on any subsequent changes.

Additionally, we require that each department document any process that relates to the processing of personal data. To protect our system against internal abuse, we also ensure Troncbox employees are given the minimum access to data required to carry out their role.

We believe GDPR is incredibly important, and will continue to review our data protection processes on an ongoing basis. We don’t see GDPR as a one-off project, but as an ongoing commitment to data protection and privacy.