Medic Passport is GDPR compliant and secure

We care about GDPR compliance and security for our customers.


Medic Passport being GDPR compliant means…

We ensure your employee records are kept securely and in a manner compliant with GDPR. We set up record keeping, provide audit tools and handle subject access requests by your data subjects (doctors).

  • We know where your data is being held

  • You can view, amend and erase your data

  • Your data is portable, so you are not locked in

  • You control who can access your data

  • We provide you with tools to meet your responsibilities as a data controller and help your organisation keep your employee data compliant with GDPR.

You can review the exact security standards we use here and read our privacy policy. You can also contact our Data Protection Officer at

Security Features

In addition to robust encryption of data in transit, in use and at rest, we carefully adhere to advanced compliance and assurance programs and legislation.

  • IG SoC security compliant

  • Registered with the Data Commissioner’s Office under the Data Protection Act (1998)

  • Data stored within the UK

  • OWASP Cloud 10 compliant

  • Security of data in transit: HTTPS / SHA 256 with RSA, TLS 1.2 encryption

  • Security of data in use: OAuth2

  • Security of data at rest: AES 256-bit server file-based encryption, VPC

  • Servers audited under ISO 27001:2013, AICPA SOC1, SOC2, SOC3 and PCI-DSS