GDPR Statement

Updated: 30th July 2020

EU General Data Protection Regulation

The General Data Protection Regulation (GDPR) came into force on 25 May 2018 and the new Data Protection Act (DPA) 2018 also came into force around the same time. Both legislations will provide a single regulation across the European Union (EU) and place obligations on organizations that operate outside of the EU but provide goods or services to EU citizens.

Our Commitment

KeyedIn Solutions is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognised our obligations in updating and expanding this program to meet the demands of the GDPR.

KeyedIn Solutions is compliant with our obligations under GDPR with respect to the provision of our Cloud Services in the EEA (where we are a Data Processor). Data Processing agreements are in place with sub-processors and appropriate transfer mechanisms are in place were data is accessed from outside the EEA.

Where we act as a Data Controller, our Data Impact Assessments and Supplier agreement/contract reviews have been completed.

Cross-Border Data Transfer

KeyedIn Solutions is a company headquartered in the United States of America.  In light of the recent ruling by the European Court of Justice invalidating the Privacy Shield as adequate protection against 3rd party access to data we have implemented Standard Contractual Clauses between KeyedIn Solutions Ltd and KeyedIn Solutions Inc.  

KeyedIn Solutions Inc. remains registered with EU-US Privacy Shield and Swiss-US Privacy Shield.  This shows our commitment to the 7 key Privacy Shield principles.  Our Privacy Shield Framework Listing can be found at

For more information about the Privacy Shield program, please visit 

We are contracted with TRUSTe to act as our third-party dispute resolution provider within the USA.

Our Corporate (where we act as a data controller) and Platform (where we act as a data processor) Privacy Policies have been revised to incorporate our GDPR obligations and can be found on our website at /privacy-policy.


KeyedIn Solutions have undertaken a review of supplier and third-party contracts and arrangements to ensure that all of our partners apply the high standards of data protection that we and our customers expect.


KeyedIn Solutions holds ISO 27001:2013 certification for KeyedIn Projects UK operations.

Data Impact Assessments & Data Inventory

We have taken a comprehensive review of the data we store, manage, maintain, collect, process and control. This includes offline storage and paper records; these processes have been documented in our data retention and destruction polices. Data assessments that have been completed covered: information flow, data transfers, risk reviews, and structural position in relation to Lawfulness, Purpose, Minimisation, Accuracy, Consent, Limitation, Integrity & Confidentiality, Record Keeping and Accountability.

Training & Awareness

Our security training has been revised and formalised in order to provide awareness of GDPR and its impact on the policies, procedures, and responsibilities of all employees. This was rolled out through our corporate Learning Management System.

In addition to the corporate Learning Management System we have numerous detailed polices in place which cover a wide range of aspects ranging from Information Classification and Handling to Access Control. All current KeyedIn and new KeyedIn employees sign these polices confirming that they have read and acknowledged these policies when processing and handling data. These polices are reviewed and re-issued to all KeyedIn employees to sign annually.


KeyedIn Solutions protects your data from inappropriate access or use by unauthorized individuals with robust measures, including restricting access by KeyedIn Solutions personnel and subcontractors.

To provide our Cloud Services we use Tier III standard data centres certified to ISO 27001, protected by 24-hour physical surveillance, and continuously monitored using strict access controls.

KeyedIn Projects has built-in security features to help you secure your data, including encryption in transit, encryption at rest, comprehensive role-based access control, and support for SAMLv2 SSO.

Data Protection Officer

KeyedIn Solutions does not capture or hold any special category data therefore, a Data Protection Officer has not been appointed.

The Information Security Management Team (ISMT) will work with other key areas of the business to manage our Data Protection obligations.

Cloud Service Terms and Conditions

A standard data processing agreement to be used alongside our Cloud Service Terms and Conditions is in place.

Direct Marketing and Obtaining Consent

Our opt-in mechanisms for marketing subscriptions can be found on all KeyedIn websites and subsequent marketing materials. Our unsubscribe, privacy practices and statement regarding our commitment to protecting your privacy can all be found within our privacy policy. All KeyedIn websites have a link to our privacy policy.

We have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information.