In line with the requirements of the new General Data Protection Regulation (GDPR) that has just come into effect, Verisio has developed policy and procedures to address the challenges relating to our industry. The salient features in practical terms are as follows:

  • Verisio takes data protection seriously and has robust processes in place.
  • In the course of auditing we gather confidential information on companies and individuals which must be stored and processed with great diligence. This confidentiality has always been at the heart of good social compliance auditing.
  • All data we gather is stored in our cloud-based Optimus system housed in a typhoon- and earthquake-proof data centre. This data is protected by security that exceeds the Advanced Encryption Standard (AES). No stand-alone personal data is permitted to be kept on individual computers.
  • Every access by any user is recorded by the system using IP addresses and date stamps. Master and Individual passwords are changed on a regular basis and must exceed 12 mixed and random characters.
  • During the audit, data subjects are requested to give consent to the use of their data as part of their contractual commitment to the master client. Their data can only be viewed by the controller, the processor, the subject and the master client.
  • All data is collected and processed in a lawful, fair and transparent manner.
  • Verisio has appointed an Internal Data Protection Officer.
  • Any data subject may have full view of all the data held on them by requesting a log-in to the Optimus system. Commonly, any data will already have been shared in the form of a hard- or soft-copy audit report.
  • Data may be shared with law enforcement or intelligence where the standards of vital, public and legitimate interests are met. This may apply in the case of vulnerable workers or children being under immediate threat.
  • Verisio may contact companies with information relevant to any audit or services, but will ask for consent for any direct mailings.
  • As part of the contractual arrangement within auditing, data must be kept for an indefinite period of time, as agreed between the master client and the data subject. However, if all parties are in agreement, data may be erased permanently from the system.
GDPR Policy and Key Facts