WorkCast's GDPR Information

Last updated May 15, 2018



WorkCast confirms that it is aware, as processor, of its responsibilities under the GDPR.

A processor is responsible for processing personal data on behalf of a controller.

WorkCast hold records of Client Data and processing activities, and confirms that security and organisational measures are in place in order to ensure that its obligations under GDPR are complied with.

All clients of WorkCast have the right to access, delete and transfer any data which WorkCast holds about them (including their Personal Data), relating to the contract and services delivered in relation to said contract. If the Client wishes to make such a request, it should be submitted to and WorkCast shall respond within 5 days of receipt

WorkCast shall comply at all times with the ICO’s code of practice on Privacy Impact Assessments and has a designated individual to take responsibility for data protection compliance. The business takes the protection of all client data seriously (including the Client’s Personal Data) due to the nature of the business being performed and the Personal Data being held.

Under the GDPR, WorkCast requires consent in order to retain any Personal Data which relates to the Client (unless it can rely upon another ground of lawful processing) and the Client has the right to opt out of such data retention.

All opt out requests should be submitted to and WorkCast shall respond within 5 days of receipt.


  • Network/ authentication Attributes

All all data within the product is potentially retained, see data retention below.

  • Anonymisation

All data help is by “pseudonymization” – for a process rendering data neither anonymous nor directly identifying.

  • Data Retention

 As per terms set out within the below link all data retained can be accessed upon request, the procedure for which is clearly stated here.

  •  Backup storage

Yes all data held is within our company data backup procedures.

  • Backup storage location: Reading, UK
  • Data Retention Length Whilst in contract with WorkCast only
  • Data removal process Deleted
  • Cloud provider AWS (Amazon Web Services).
  • Hosting areas Globally excluding China
    • Consent: event organisers will be required to obtain the attendees consent to store and use their data
    • Breach Notification: GDPR makes it compulsory to notify both users and data protection authorities within 72 hours of discovering a security breach
    • Access: Free of charge and within 30 days businesses will need to provide digital copies of private records to attendees that request what personal data the organisation is processing, where the data is stored and what it is being used for
    • Right to be Forgotten: EU citizens and residents can, at any time, ask for their personal data to be deleted. This will apply to our organisation and any 3rd parties
    • Data Portability: Individuals will now have the right to ask the organisation to give them back a copy of all the personal data they previously provided
    • Privacy by Design: GDPR requires that organisations have to have data security built into products and process from the very start. Particularly applies to all the tech systems that help gather and manage personal data