Contact Us Background

GDPR Compliance Statement

The General Data Protection Regulation (GDPR) is now enforceable.

General Data Protection Regulation

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is enforceable from May 25th, 2018. It has now become automatically binding and applicable from this date so those affected should already have their plan for fully compliant Data Protection in place.

The GDPR imposes new obligations on organisations that control or process relevant personal data, introducing new rights and protections for EU data subjects. It applies in the European Union (EU) and requires no in-country legislation but any organisation processing data of EU subjects, whether located in the EU or not, are bound by GDPR.

VIA have always placed a high emphasis on Data Protection from the outset. As such, privacy-by-default is built into everything we do so we are fully prepared to implement the incoming legislation. Since 2016, VIA have been ISO-27001 accredited and regularly inspected to ensure our data is secure. We also undertake non-required security assessments, such as regular penetration testing, physical and virtual, and social engagement testing. Furthermore, all of our employees have regular Data Protection training and refresher training to keep them up-to-date with the latest security measures.

VIA has been identified as a Data Controller of Employee Data and a Data Processor as a Software as a Service (SAAS) provider.

Security And BC Measures

Security has always been at the core of everything VIA does. From Data Centre Infrastructure to our Customer Portal. VIA are ISO 27001:2013 compliant and are regularly inspected and audited by a qualified professional. Penetration Testing is also performed quarterly.

Our ISO27001:2013 qualification has the following basic principals which give us compliance with the GDPR.

  • Emphasis on a continual process of improvement within our Information Security Management System.
  • Clarifies the requirements for data handling and record management.
  • Risk assessment management processes using a Plan, Do, Check, Act (PDCA) process model.
  • Ensuring Management processes are in place to provide access to data to only those who require it.
  • Tight and strict access control processes in place both physically and virtually.

Breach Notification

As required by GDPR, VIA will provide notification of breach detection within 72 hours. We will provide notification to the Information Commissioner's Office (ICO), private notification to those affected and public notification through our Service Status page, found here:

Data Subject Access Rights

As required, VIA will work with customers (defined as the direct relationship between VIA and Customer, not individual end-users) to provide access to their data. Should you wish to make a Data Subject Access Request, please raise a support ticket through the normal channels.

Third Party Data Access

VIA has never and will not ever sell, distribute, or otherwise provide any personal data to any Third Party unless required to do so by law, government or regulatory body. VIA's full Terms and Conditions can be found here:

With the regulation now in place, VIA is here to answer any questions you may have about how GDPR may affect your data processes. Connect with us through our Live Chat or contact us today.


We will contact you to arrange a 15 minute demo.

( )  ext:

What products are you interested in?

Do you have any additional requirements?