The EU General Data Protection Regulation (GDPR) came in to force on 25th May 2018. This regulation impacts every organisation that processes personal data regardless of the United Kingdom’s decision to leave the EU. The regulation places more responsibilities on how companies manage the personal data of EU citizens and gives individuals rights to rectify, object and request the data that companies hold about them. What’s more, the GDPR is intended to compel companies to process personal data in a transparent and fair manner.
We are committed to maintaining high standards of information security and data privacy and as such, we welcome this important EU law which aims to regulate how companies process data. Before now, we placed a high priority on the protection and management of personal data in accordance with the Data Protection Act (1998) and as such, we already have rigorous standards in place concerning personal data as a data processor and data controller.
We will work closely with our customers and partners to meet our contractual obligations for our procedures, products and services. We are also dedicated to supporting our customers in meeting their obligations through the provision of expert services and value-added solutions.
We will continue to:
The volume of data we handle is captured and processed in a secure manner. Our Data Protection Addendum clearly informs our customers about this. We have carried out our due diligence to ensure that the right security measures are in place. Furthermore, we will ensure that we inform our clients and seek their consent when we employ the services of any new third-party suppliers.
Requirements such as Data Protection Impact Assessments (DPIA), privacy by design and default, active mitigation procedures and risk management measures are approached in a disciplined and strategic format.
In addition, our policies and procedures will be regularly reviewed to maintain GDPR compliance.
Our robust breach procedures will alert our data officer and the Incident Response Team (IRT) who will inform the controller(s) and supervisory authorities in the event of a high-risk breach.
Our data officer will inform, advise and monitor compliance. We will implement tools as appropriate that support the process, provide necessary security and ensure that all business procedures or processes align with the principles of the regulation.
We are ready to help our customers to meet the requirements of the GDPR whilst working efficiently to ensure we remain fully compliant and continually monitor our systems and procedures.
For further enquiries contact firstname.lastname@example.org