Since MindaClient was established in 2002, data security, protection and compliance have always been at the forefront of all decision making.
We understand that your data is your most prized asset and we have taken the essential steps to ensure that is protected, our ISO27001 certification emphasises this.

MindaClient is very proud to announce that we have successfully been ISO 27001 certified. Since we were established in 2002, we have always focussed on data security, reaching this globally recognized milestone takes that commitment to the next level. This certification is a reflection of our continuous investment in protecting your most valuable asset your data.
ISO 27001 is the world’s most widely recognized standard for Information Security Management Systems (ISMS). It was developed by the International Organization for Standardization and it sets out the framework a company needs to establish, implement and maintain rigorous information security processes. To achieve this, we underwent extensive, independent auditing of our systems, infrastructure and internal processes across two stages of external auditing.

The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It comes into force on 25th May 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security, and it includes several new provisions to enhance the rights of data subjects and it imposes harsh penalties for violations of data protection rights.
List the categories of data subjects and personal data collected and retained e.g. current employee data; retired employee data; customer data (sales information); marketing database; CCTV footage.
Did the data subject sign up to a newsletter. Are they an existing customer governed by our contract in which case consent may not be required.
Do we have the necessary consents required and were the data subjects informed of the specific purpose for which we’ll use their data? Were we clear and unambiguous about that purpose and were they informed of their right to withdraw consent at any time?
Are we ensuring we aren’t holding it for any longer than is necessary and keeping it up-to-date? Do you have a policy for keeping the data up to date and have you defined the timeframe and criteria for getting rid of data. Do we have a defined policy on retention periods for all items of personal data, from customers, prospects and employee?
Are we keeping it safe and secure using a level of security appropriate to the risk? For example, will encryption be required to protect the personal data we hold? Are we limiting access to ensure it is only being used for its intended purpose? Who in our organisation has access to the data?
Are our staff trained in all relevant areas GDPR policy to ensure they handle data in a compliant manner?
Are we transferring any personal data outside the EU and if so, do we have the required adequate protections in place?
Do we have procedures in place to handle requests from data subjects to modify, delete or access their personal data? Do we have procedures to anonymise data if we are asked to do so by a data subject? Do these procedures comply the new rules under the GDPR?
Do we have a Privacy Policy in place and if so, do we need to update it to comply with GDPR?
In cases where our third party vendors are processing personal data on our behalf such as online accounts systems or CRM system have we ensured our contracts with them have been updated to include the processor requirements under GDPR?
One of the benefits of working with MindaClient is our exeprtise in security and compliance. When you work with MindaClient you also gain over 20 years of knowledge and consultancy around data protection, security and compliance for your organisation.
The data on the MindaClient GDPR web pages is not intended as a legal interpretation of GDPR regulation and should not be relied upon as legal advice. It was intended to:
You are advised to seek your own legal advice and to consult with the Data Commissioner’s website.
Read more about our security policy here – MindaClient Security and Data Integrity