The General Data Protection Regulation (GDPR) will become effective from the 25th May 2018. The regulation aims to improve the security and protection of personal data in the EU. We are writing to you to outline changes which will be applied to our system in time for May 25th and can also provide our Software Company’s security statement upon request, as one of your Data Processor’s.
Changes to software:
Due to new GDPR legislation coming in to effect on the 25th May, changes are going to be made within our online booking portal application, as to how our customers’ passwords (online booking area) are managed. ICR Worldwide Express Ltd. will no longer set passwords for our customers, and instead will email a password reset link to our customers, so they can set their own password. Customers can also use the “Forgotten my password” link on our website, to receive an email link to change your password.
Passwords will not be visible to ICR Worldwide Express Ltd.
Passwords will now be case sensitive.
Customers who have passwords saved on browsers may need to update them, so it is case sensitive. Should any customer not know the password (as it was previously saved on the browser), we recommend they use the “forgotten my password” link on the website, or ICR can email the password reset link to you. These changes are necessary to maintain GDPR compliance, the changes will be made in the coming days and we will advise you, once completed.
An option within our courier tracking software, was the function to display extended tracking on the standard tracking page outside of the login area– this feature is being moderated to remove any name and address data by the 25th May, as it does not comply with GDPR.
ICR has accepted a recommendation to further upgrade our website security, to secure an SSL Certificate. The website will be SSL secure by 25th May 2018, and we will be updating our portal to be likewise secure by this date.
Deleting of Data
ICR Worldwide’s courier tracking Software Company is storing the data on your behalf in a secure cloud environment behind firewalls and IP address restrictions. Corporate data falls outside of the GDPR, but should you have requests to delete data from your systems, ICR can manage this by removing the address data from the consignee address book and user profiles. Should you require to have larger sets of data deleting, this will need to be undertaken by the database administrators and we will be able to quote on request.