

Below we have detailed some of the basic measures you should have implemented, and should be reviewing regularly, to ensure you comply with the GDPR in your use of simPRO.

Remember - there are many other parts of your business's operation outside of simPRO where processes will also need to be reviewed to ensure they comply with the GDPR.

Every business is unique in how it operates - this information is prepared just as a quick help guide with regard to your business's use of simPRO.

If you are unsure of how the GDPR will affect your business, we recommend you seek professional advice.

How do I ensure data is protected in simPRO?

User Accounts

Clients need to ensure they are reviewing / auditing the access they provide to users of their simPRO system.

It is vital to ensure that unused or expired accounts have their access removed to limit the potential for unlawful access to data. simPRO provides user access logs for this purpose and these should be reviewed periodically for any sign of illicit use of your simPRO system.

User logs can be accessed in System > User Logs.

You can read more on our Helpguide here.

User Permissions

It is important that user permissions within your simPRO system are configured correctly and reviewed regularly.

simPRO’s security groups are designed to restrict or limit access to various functions within simPRO based on a user's role in your organisation. It’s worth revisiting these before the 25th of May to make sure you’re compliant.

Security groups are defined in System > System Setup.

You can read more on our Helpguide here.


Passwords

It has always been best practice to use passwords to protect systems and data. Ensuring these passwords are complex adds a further level of protection to your security processes.

We also recommend having a policy to ensure employees change their passwords on a regular basis to further minimise any potential risk of data breaches.

You can read more on our Helpguide here.

Mobile device management

One of the benefits of cloud-based software like simPRO is that it can be accessed anywhere from a mobile device. However, this raises issues with how data on the device is kept safe, particularly if staff are using their own devices.

The good news is that companies who use simPRO’s mobile apps have full control over who is using the app and therefore who can access personal data. From simPRO you can control who is able to use the app, and you can turn off access if someone leaves or loses the device, to prevent any data breaches.

If you operate a BYOD (Bring Your Own Device) policy, it is your responsibility to know what devices your business data is being accessed on and to ensure that these devices are secure.

For more on Connect, visit our Helpguide here.

Geotagging with Connect & simTRAC

The GDPR does not mean you cannot geotag jobs and engineers' activities within simPRO or simTRAC. However, you may need to consider a company policy around this in order to comply.

Using personal data

If you are exporting personal data from simPRO to third-party software, such as a CRM, to carry out other activities such as marketing, then you will also need to ensure that your CRM usage is in line with the GDPR.

What is simPRO’s commitment to looking after your personal data?

simPRO already considers the protection of personal data a paramount corporate responsibility.

As both a data controller and a data processor, our GDPR team is committed to ensuring that our internal processes and products are compliant with applicable GDPR regulations from the date the regulation takes effect.

If you’d like to find out more about our infrastructure and commitment to data security, take a look at our white paper on the simPRO Cloud.

Need more information?

The Information Commissioner’s Office (ICO) website has an excellent range of information and a number of guides on the GDPR that may be helpful in reviewing your compliance.

The publications on this website with regard to the GDPR are only intended to provide a summary and general overview of the application of the GDPR to your business. They are not intended to be comprehensive, nor do they constitute legal advice.