Data Protection Perspectives: Richard Harris on How Okappy Protects User Data

We talk to Richard Harris, CEO of Okappy, about data protection to find out what his perspective is. Read on for more information about how Okappy protects user data.

First and foremost, we want to reassure you that customer privacy and safety are paramount for Okappy. We have a number of procedures in place to ensure the highest level of protection for our customers' data. With GDPR coming into effect in May 2018, we have taken the opportunity to review our existing measures to ensure they are compliant with the new regulations.

Okappy’s aim has always been to improve working lives. We have a customer-centric ethos in what we do, meaning that our customers are our top priority. We continually monitor the Okappy platform for both performance and security. But, given some of the scare stories around GDPR compliance, we thought it would be worthwhile writing a blog post to provide you with further insight into what we do and the procedures we have in place to protect your data.


How is Customer Data Stored?

  • Data is stored in the cloud using the world’s leading cloud provider, Amazon AWS. In the unlikely event that Amazon AWS has a problem, we also have a separate provider which we can fall back to.
  • Data can only be accessed by servers within our own private network. Access to these servers is further protected by firewalls which limit access to key members of staff only (our data controllers under the old regulations).
  • We use multi-factor authentication and certificates to ensure that only the key members of staff can administer the systems.
  • Data is encrypted in transit between different parts of the system and between the system and the customer.

Who Can Access it?

  • Only a limited number of key staff can access the core data (our data controllers).
  • Okappy technical support staff can access restricted views of the data in order to provide help and support.
  • Customers can only view their data and information provided by their connections.

How is Okappy Protecting Your Data?

  • 24/7 monitoring of the system 365 days per year to ensure performance and security.
  • We always ensure we have the latest patches for any software and continually monitor for new vulnerabilities.
  • We have strong firewalls in place.
  • We encrypt all traffic between each part of the platform and between the platform and the outside world.
  • Only certain key Okappy members of staff can administer the system.
  • We have strong contracts in place with all employees, contractors and third-party companies which include clauses to protect data.

What Would Happen if a Breach Were to Occur?

Monitor - We continually monitor for the threat of attack, and we have a team always on standby to take action in the event of an issue. If a breach did occur, we would be alerted and our automated and manual breach protection plan would kick in.
Isolate - If required, we would take affected parts of the system offline in order to isolate the breach.
Investigate - We would continue to investigate to identify the root cause of the breach.
Communicate - We would keep our customers updated on the situation via our status page and via emails and tweets.
Educate - We would take preventative action and provide extra training where necessary to further strengthen and protect our security to ensure no similar incident could occur again.
This is otherwise known as our Okappy MIICE procedure.

What Does Okappy Use Data For?

  • Running of the Okappy service.
  • Providing intelligence to our customers.
  • Improving our products and services.
  • Marketing.
  • Analytics - to improve the experience of our customers.

How is Okappy Taking Steps to Being GDPR Compliant?

We were previously registered with the ICO as part of the existing Data Protection Policies. This included a periodic audit of our security and systems. With the changes in regulation which are about to take place, we have reviewed the new regulations along with our existing policies, procedures and technology to ensure we will continue to be compliant.
We have attested to:

  • Reviewing our GDPR compliance
  • Reviewing our systems security
  • Taking stock of what information is held and where

Do You Have a Cyber Security Policy in Place?

Please see our policy, which is available on our website.


2019-01-23T17:19:33+01:00