Payonomy is committed to compliance for when the GDPR law comes into effect on the 25th of May 2018, this includes building GDPR into current and future contractual commitments. Payonomy GDPR compliance has required the evolution of our current information security management system (ISMS); clarifying, improving and maintaining key data protection and privacy controls.

This journey is an active process and will continue up to and after the enforcement date. GDPR Commitment Statement

Efforts  have been made in the following areas:


Data Privacy: Further understanding the historical and future data we collect, process, hold and share in the context of GDPR. This includes mapping both the data and access as part of our current ISMS while introducing metadata tags regarding legal basis, privacy and consent.


Governance and Process: In addition to our current governance, risk and compliance strategy the GDPR has provided an opportunity to review and improve processes. We are committed to bringing in both Privacy by Design and Data Privacy Impact Assessments into our current GRC process.

Payonomy strives to improve our security, maintaining privacy for the data we hold and ensuring appropriate security across our partners and supply chain. GDPR and wider security compliance are not static operations and we will continue to improve our operational processes in response to 3rd party audits.


Our Commitment to Compliance

Commitment to meet all regulatory requirements where appropriate, an active process as further clarification is offered by the ICO and courts Build new regulation into the current information security management system (ISMS) as part of a continued commitment to security and privacy.

Continue along our journey to achieve compliance for GDPR by 25th of May 2018.

Plan and prepare to continually improve our policies beyond May 25th, 2018

Maintain security and privacy of our data and our client’s data to industry standard best practise / applicable laws.