GDPR Privacy Statement
We are in the process of making changes to ensure that we are compliant with new data protection regime when the General Data Protection Regulation (“GDPR”) came into force on 25 May 2018.
What are we doing?
We are working with data privacy specialist PCH (www.Pchelp-south.co.uk).
We have appointed a Compliance Manager and we are providing all the necessary in-house training to employees.
We have mapped our data processes and are making changes to ensure we are GDPR complaint, including:
- We are ensuring we have the correct lawful basis for the collection of personal data
- We are reviewing all our retention policies and amending where required to ensure they are appropriate
- We are enhancing our record-keeping practices to ensure we can demonstrate accountability for compliance
- We are making sure that any third parties that are storing or otherwise handling personal data on our behalf or to whom we transfer personal data have appropriate safeguards to ensure GDPR compliance. We are achieving this through (where appropriate) questionnaires, audits and enhanced contractual provisions or agreements
- We are making further improvements to our security policy to ensure all the data we store is as secure as possible
We are updating our current policies/documentation and processes and introducing new policies/documentation and processes, including:
- Website & Customer Privacy Notice, Privacy Notice for Suppliers & Privacy Notice for Consultants
- Terms & Conditions
- Data Protection Policy
- Data Map
- Third Party Data Processor Due Diligence Questionnaires
- Third Party Data Processing Agreements
- Retention Policy
- Individual Rights Policy & Data Subject Access Requests Procedures
- Privacy Impact Assessments
- Personal Data Breach Notification Policy
- Security Policy
The above information is provided for guidance only and does not constitute legal advice or otherwise create any legal liabilities or obligation.
If you have any queries, please email firstname.lastname@example.org