CloudPay GDPR Data Controller Statement
Where is Cloudpay data located?
We use Microsoft's data centre in Dublin.
How is your data protected?
Microsoft cloud has the most comprehensive set of compliance offerings of any cloud service provider. Microsoft was the first enterprise cloud services provider to implement the rigorous controls needed to earn approval for our contractual model clauses governing the transfer of data outside of European Union. Microsoft were the first cloud provider to achieve compliance with ISO’s important 27018 cloud privacy standard. Microsoft Azure has 53 major certifications and attestations – more than any other major public cloud provider.
CloudPay uses an Azure SQL Database in the Microsoft cloud.
The GDPR requires that organizations incorporate data privacy and protection principles into their products and services. Microsoft SQL Server provides several features to enable protection of sensitive data by default.
- Secure personal data through encryption at the physical storage layer using encryption-at-rest through the Transparent Data Encryption feature.
- Prevent unauthorized, high-privileged users from accessing data in transit, at rest, and while in use through the Always Encrypted feature.
- Protect personal data using Row-Level Security and Dynamic Data Masking features, which limit sensitive data exposure by masking the data to non-privileged users or applications.
- Help ensure that only authorized users with valid credentials can access the database server by using authentication. In the case of SQL Server, customers should rely on integrated Windows authentication. In the case of SQL Database or SQL Data Warehouse, customers should use Azure Active Directory Multi-Factor Authentication.
- Maximize the availability of a group of user databases for an enterprise with Always On Availability Groups.
- Get help detecting anomalous database activities indicating potential security threats to the database with SQL Database Threat Detection in Azure SQL Database and Azure SQL Data Warehouse.
- Understand ongoing database activities, and analyze and investigate historical activity to identify potential threats or suspected abuse and security violations by using SQL Server Audit in SQL Server and Auditing for Azure SQL Database in Azure SQL Database and Azure SQL Data Warehouse.
- Scan databases for insecure configurations, exposed surface area, and additional potential security issues using the Vulnerability Assessment service for Azure SQL Database or SQL Server.
Microsoft conducts ongoing monitoring and testing of Azure security measures that protect Azure SQL Database. These include ongoing threat modeling, code review and security testing; penetration testing exercises, and centralized security logging and monitoring.
Who can access your data?
Cloudpay data is restricted to authorised Payback Payroll personnel only.
If we decide we no longer want to use CloudPay what will happens to our data?
You will still be able to access the reports facility. We may at a future date delete your data. You will be informed before do this.
What about back ups?
The CloudPay SQL Azure Database automatically creates database backups and uses Azure read-access geo-redundant storage (RA-GRS) to provide geo-redundancy. Full database backups happen weekly, differential database backups generally happen every few hours, and transaction log backups generally happen every 5 - 10 minutes.