Security / Assuring compliance with GDPR

We have a full time Data Protection Officer, based in our offices in Manchester.
Q. How do we agree BrightHR's responsibilities as the data processor?
We conform to the ICO guidelines for breaches, so we would inform you without undue delay. As the data controller you would need to inform the ICO within 72 hours of becoming aware of a breach.
We only process your data in the way that we state in our terms.
We ensure that our staff and any subcontractors only process personal data in the way agreed by ensuring that the data cannot be accessed by our staff except for the purposes agreed.
We also use customer data to create aggregate statistics that do not allow identification of a customer or an employee. The aggregate data is used to develop new features as part of the service, provide information for us to plan and operate the service and for marketing purposes.
Still not answered your question? Get in touch with someone on our friendly Service Team.
You can quickly raise a support case, enter a few details and we will be straight back in touch.
Log a support case