Infosec Cloud
Solutions. Services. Training.

Infosec Cloud GDPR Statement

Executive Summary

Infosec Cloud welcomed the introduction of the GDPR in May 2018. Infosec Cloud has always taken all information security seriously, including that of personal data, regardless of whether Infosec Cloud is acting as a processor or a controller.

All data storage platforms are physically located in the UK, plus the company only utilises hosting facilities based in the UK.

In terms of the GDPR, Infosec Cloud worked towards becoming fully complaint prior to the May 2018 date for the introduction of the regulation.

As such, our customers, partners, suppliers and employees can be confident that they are dealing with a fully compliant GDPR business and platform provider.

Infosec Cloud will be making documentation available to customers, partners and suppliers detailing both how our platforms, and Infosec Cloud as an organisation, are fully compliant with all aspects of the GDPR.


Infosec Cloud provides GDPR consultancy services and both internal and external experts are assisting in assessing every article of the GDPR. The company’s activities and products have been matched against all 99 articles.

Infosec Cloud considers the following regulations specific to our organisation:

1. A data controller of its own employee data
2. A data controller or processor of third party data such as activity relating to IT Security Reseller operations
3. A Software as a Service (SaaS) supplier
4. A business that provides Managed Service Provisions

A public document that details the policies and activities that Infosec Cloud employs, matched to the clauses of the GDPR, was made available from 26th May 2018.

Customers, partners and suppliers that have questions in respect to the company’s GDPR compliance should email the Infosec Cloud DPO, Andy Hanson (see contact details below).


Following a detailed assessment, Infosec Cloud amended, as necessary, all activities and associated policies and procedures to fully comply with the GDPR.

Infosec Cloud updated all customer, partner and supplier contracts. This is to ensure the GDPR reaches throughout the supply chain and business eco-system.

Infosec Cloud carried out Privacy Impact Assessments as necessary.

Infosec Cloud educated all employees with respect to their GDPR responsibilities. This includes training videos and quizzes to ensure awareness. We can also provide this training to your employees.

The Infosec Cloud websites are being updated so that contacts and customers have the assurance that their personal data is processed in accordance with the GDPR requirements. Websites and other on-line portals, such as the CSA service platform, will clearly display the company’s privacy policies.

The CSA service platform is currently being fully reviewed and will be amended as required. The solution is already compliant under the guidance of Infosec Cloud’s secure access and hosting requirements.

Infosec Cloud will maintain accreditations that demonstrate the company’s commitment to information security, including protecting all personal and sensitive data.

DPO contact details

Andy Hanson
[email protected]

Download a copy of the GDPR Statement >>

Download the Infosec Cloud Privacy Statement here>>

  • Employee GDPR Awareness Training

  •  Identity-as-a-Service (IDaaS) solution

  • Tokenless Strong Authentication (MFA)

  • Next Gen Endpoint Security

  • Enquiry LinkedIn Spiceworks