At Blackdog Digital we are experienced in the requirements of the Data Protection Act 1998, our role as a Data Processor, and our customers role as the Data Controller. As the Data Processor we follow the 8 Data Protection Principles of good data handling. We always draft a written agreement in which we will formally agree the conditions under which a customers' data may be processed; the minimum security measures that we have in place; and appropriate mechanisms that will enable our customers to be confident we are compliant with security requirements, including a right of inspection or independent audit. We will ensure:
- An appropriate Data Sharing Agreement is in place to allow all parties to demonstrate their adherence to the Data Protection Act
- Only process the data inline with our customers' instructions, and to never use it for any other purpose
- Restrict access to customers' data to approved Blackdog Digital staff only
- All electronic data processing and manipulation is done securely in an ISO 27001 certified environment within the European Union or EU approved location
- All electronic data is destroyed after 90 days following processing using secure deletion software. Our 90 day retention is specifically to support any questions or queries following print production
- Surplus print materials are destroyed using the Shred-IT managed service to ensure data is destroyed and recycled securely.