Your Cart
usp icon | ID Card Centre

Still same day dispatch

Free UK shipping on web orders over £150

usp icon | ID Card Centre

Secure recycling

send your used plastic items for recycling through us

usp icon | ID Card Centre

Global shipping

...and tax calculator on checkout

usp icon | ID Card Centre

Price match promise

Contact us if you've seen a cheaper price

General Data Protection Regulation (GDPR)

data security and GDPR with ID Card Centre

By now, I’m sure you’ve heard all about the General Data Protection Regulations (GDPR) and what they mean. Whilst we’ve seen some pretty blasé and some pretty funny communications on the topic, at ID Card Centre, a large part of what we do involves handling data so we need to take it extremely seriously and we want to be sure that you have complete confidence in us.

Therefore, we just wanted to take a few minutes of your time to let you know what we’ve done and will continue to do to ensure your data is always secure and protected with us. Apologies in advance that it’s not funny, or clever, but it is compliant!


What have we done to prepare for the GDPR?

In the months leading up to the implementation date we:

  • Appointed a specific internal contact for everything GDPR. That is Nicola O’Brien and she can be contacted at [email protected]
  • Attended training workshops to ensure we were fully aware of what the regulations meant.
  • Appointed a legal GDPR expert to ensure that our policies, processes and communications are GDPR compliant.
  • Completed a full audit of all our suppliers checking important details such as where they store data and their GDPR and information security policies. If they didn’t pass our audit, we are no longer working with them.
  • Reviewed all of our internal processes that involve collecting and processing personal data to ensure compliance with the GDPR.
  • Put processes in place to ensure the data subjects rights are easily met including having the right to object to or restrict processing, to accessing, rectifying or deleting data and ensuring we can supply a data report if required.
  • Updated our website to make it very clear where consent is asked for and what it’s used for and how to withdraw it.
  • Reviewed how long we retain data for and changed our processes for example, if you provide us data to print on a card this will be deleted after a maximum of 30 days. Earlier if you ask us too.
  • Ensure data protection is a primary consideration in all existing and new business processes.

Our Website – You are in full control of YOUR data

There is now a ‘GDPR Tool’ available in ‘Your Account’ which allows you to instantly access, change and delete you own data. You can also request a full report showing you all the data we hold on you, this will be emailed to you within a few hours.

How do you protect the data when printing cards?

printed student cards

Obviously, a large part if what we do is printing data on to cards, such as ID cards, membership cards and ICE (In Case of Emergency) cards. This can involve a lot of personal data, including names and photos.

This is where we become the data processor (as opposed to the controller) so we’ve updated our processes to help you to remain compliant as the data controller.

  • We give you tools to securely transfer your data to us (please never email it!).
  • The data does not leave our UK based premises.
  • Your data can only be accessed by specific members of the team – all of whom have been fully trained on data protection and information security.
  • Our printing bureau can only be accessed by authorised personnel and your cards remain secure within our building until we hand them over to our trusted courier partner, UPS.
  • Any test cards and misprints are stored in our locked recycling bin ready to be shredded on site before being sent for recycling.
  • All ribbons used for printing your cards are also stored in locked bins and are removed by our waste partner to get used as waste for energy.
  • All data is deleted 30 days after we dispatch your order. This gives you plenty of time to check your order and advise us of any issues. If you’d like the data to be deleted sooner than this we can do this on demand.

This will mean a slight change to the ordering process for our existing customers but we will manage this and make it as straightforward as possible for you.

Staff Training

All our staff have mandatory training on data protection and information security which includes the changes in data protection law brought about by the GDPR. They are specifically trained in spotting data breaches and suspicious or fraudulent activity.  

Our Privacy Policy

Like most other businesses, we have updated our Privacy Policy to reflect the changes we’ve made and to give greater transparency on what we do with your data (which by the way isn’t anything strange) and to give you confidence that you are dealing with a company that is fully committed to GDPR compliance.

Cookie Policy

We have updated our Cookie policy to now list all the cookies on our website and state what they are used for and how to manage your settings.

Information Security

Alongside Data Protection we’ve been working on our IS policies and processes and we've:

  • Implemented a cybersecurity strategy to protect the business, our customers and data.
  • Instructed an independent cybersecurity consultant to carry out internal and external vulnerability assessments, including a penetration test. The results of our internal network assessment were excellent, with only a few minor recommendations concerning less than 2% of system information. These were immediately addressed. The external penetration tests were even better, with zero security concerns.
  • Upgraded our firewall.
  • Gained Cyber Essentials certification.
  • Started working towards ISO27001 certification.

Information Security Computer

Cyber Essentials logo

Following the advice of our independent cybersecurity consultants, we cannot name the security solutions we use because the information is strictly internal and confidential. Passing this information to third parties could cause vulnerability. However, we can confirm that our cybersecurity measures go far beyond GDPR requirements.

If you’d like copies of any of our policies or processes then please email [email protected] and we’ll happily send you a copy.

More Information
Our website uses cookies to ensure you have the best possible user experience.
To find out more, including how to change your settings click 'More Information' otherwise we presume your acceptance of our Cookie Policy.