Troncbox and GDPR
Troncbox’s commitment to security and data protection for GDPR
From our executive team to our developers, everyone at Troncbox takes the security of our product
and the protection of our customers’ and employees’ personal data very seriously. Our customers
trust us with their data, and protecting that data is crucial to running our business.
We’re actively working with our customers to fully understand their data processing and privacy
needs. Additionally, we’re working with a specialist organisation to ensure that we’re ready for the
changes brought in by GDPR.
We approach data protection from two different angles: internal processes and technical development.
In short, we do everything we can to ensure we have the right people, processes and training in
place to protect our customers’ data, while also ensuring our product is technically airtight.
Technical commitment
From a technical perspective, we go to great lengths to ensure that we protect our system from
internal and external abuse with the controls laid out in this article. These controls play a big
part in our GDPR compliance, while also helping our customers become GDPR compliant by ensuring the
storage of employee data in Troncbox is up to GDPR standards. From a purely infrastructure
perspective, we ensure the following: that the Troncbox system is protected from external attacks,
that the data in the system is protected through encryption, and that we use data management
processes to protect data from internal and external abuse. We have a third party carry out
extensive penetration tests and a security audit on a regular basis.
Process commitment
All access to customer data is protected by roles and permissions within the Troncbox system.
Troncbox employees can only access data on a need-to-know basis, and according to “the principle of
least privilege,” which means Troncbox employees have the minimum level of access to data needed
to do their job.
We require all our employees to complete data protection training, with an emphasis on how data
protection relates to GDPR. Employees are routinely trained on new processes and procedures, and
retrained on any subsequent changes.
Additionally, we require that each department document any process that relates to the processing of
personal data. To protect our system against internal abuse, we also ensure Troncbox employees are
given the minimum access to data required to carry out their role.
We believe GDPR is incredibly important, and will continue to review our data protection processes
on an ongoing basis. We don’t see GDPR as a one-off project, but as an ongoing commitment to data
protection and privacy.