Compliance

Compliance

Many of the systems we build and deliver at JUXT are required to meet compliance and regulatory requirements. We have experience in developing systems against PCI DSS, UKGC and GDPR. Our systems have undergone extensive testing, frequent vulnerability scanning and penetration testing. This not only ensures that systems are secure, but that the foundational stack that we build upon is proven and sound.

GDPR

Since May 25th, 2018, GDPR law is now fully enforced for all companies operating within the EU (including the UK).

As an EU-based firm, we know what it takes to meet both the letter and spirit of GDPR in the systems we build. Almost every system we build falls under the scope of GDPR, because computers users are usually people!

GDPR consists of 7 principles, all of which have an implication in the design of software systems, particularly at scale and to ensure continuous compliance.

  • Lawfulness, fairness & transparency

  • Purpose limitation

  • Data minisation

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality

  • Accountability

For example, to support the first principle (lawfulness, fairness & transparency) we (and our partners) can help with the following:

  • Creation of a set of published policies

  • Creation of user-friendly interfaces and back-end processes to support user access and full control to data about them (Data Subject Access Requests)

  • Automation of data subject notifications

Our policies are written in plain-text so that they can be stored in version control, and published to HTML and PDF. Our policies have been legally vetted by qualified lawyers.

We can build full support for DSARs, via forms and APIs, to allow users to exercise their rights under GDPR.

We have particular experience and expertise in building highly-secure and resiliant websites and information systems.

If you want to talk to us about GDPR, we can provide reviews and analysis reports to uncover major gaps and risks. Please get in touch.

Privacy policy