Our services are hosted by Microsoft who were the first company to adopt and achieve the stringent ISO 27018 standard for GDPR. This is the standard for government organisations and suppliers to government organisations such as NHS trusts. Microsoft cloud services will include commitments to maintain GDPR compliance when enforcement begins.
Your “people” data comes into two categories.
We are providing hosting for such information. As long as there is a valid agreement between us, we will maintain your data, backed up every 5 minutes (via Microsoft services) with what is acknowledged as the highest level of security available and reasonably achievable.
We are legally obliged to delete any Microsoft hosted data once such agreement is terminated by you. Microsoft requires that their services are paid in advance. It is therefore essential that your customer account is always fully up to date. Ceasing licence payments implies you have actively terminated your contract. If for any reason your account is not up to date (for example your bank is experiencing technical difficulties), you need to contact us immediately. Especially if you are a start-up we will do our best to help. We can only maintain your data as long as you are a current valid customer. This is a direct consequence of GDPR.
You can and should use the reports available to maintain copies of employment data.
How secure is your data? Here are links to Microsoft's extensive compliance with GDPR