What are we doing to prepare for the GDPR?
What is the GDPR?
The General Data Protection Regulation (the GDPR) will come into force on 25 May this year and will bring in the most significant changes to the data protection laws since the Data Protection Act came into force nearly 20 years ago.
The GDPR will bring about changes that will ensure that individuals can provide their personal information to organisations safe in the knowledge that it will be processed safely and securely, and will raise the bar for organisations, making sure that they only use the most up-to-date systems and security measures.
The current data protection legislation was drafted before mass use of the internet and prior to mass instant data transfer, and therefore the changes are much needed. We believe that these measures will bring benefits for everyone.
What are we doing to comply?
We are reviewing our systems, policies and procedures to ensure that we will be fully compliant by the time the legislation comes into force. We have been working on the following tasks:
- We have been looking at our technical and organisational systems to ensure that they comply with the Information Commissioner's Office guidance and meet the requirements of the GDPR.
- We are in the process of updating our terms and conditions and we will have fully compliant terms in place by 25th May 2018.
- We have been speaking to our third-party suppliers about their compliance and checking their terms and conditions comply with the GDPR.
- We have been reviewing our internal procedures affecting how we process personal data and will be putting into place a document retention policy and data security breach procedures.
- We will also have a procedure to deal with requests by individuals for access to information, access to personal data, rectification and erasure, and to allow them to object to automated decision making.
If you have any questions or comments, we would be happy to hear from you. We can be contacted at firstname.lastname@example.org.