When the new General Data Protection Regulation came into effect on 25th May 2018, Twinkl Ltd put into action the 12 steps recommended by the ICO.
We also have the following security, technical and organisational measures: Encryption; Firewalling; Anti-Virus; Vulnerability Scanning; Role Based Access Control; Multi-Factor Authentication; Risk Assessment and Mitigation; Logging, Monitoring and Inventory and Auditing; Screening; Secure Design; Physical Security Controls; Secure and High Availability System Configuration; Disaster Recovery Mechanisms, Incident Response and Business Continuity Processes, including Backup; Training; Policy; Contractual Agreements.
All of our employees are up to date and fully aware of data protection rights, and we maintain and regularly review our internal data protection policies. Only certain departments have access to sensitive data, and all subject data is minimised. Data is stored for as long as financial compliance laws require, and then it is deleted.
All payment details entered into the site are secured by third parties such as Adyen and PayPal, and they are not stored by us on the Twinkl database. Appropriate contractual measures are in place for these third parties.