These regulations will apply from 25th May 2018. As a company we have been registered with the ICO for many years as part of our overall policy to handle individuals’ data responsibly. The current regulatory legislation is the Data Protection Act (DPA). We do view the security of data as our fundamental responsibility to all stakeholders, whether they are suppliers, employees, clients or any other individual or entity that we or our systems integrate with.
Our rigorous approach to the DPA requirements means that we have already introduced many of the measures expected by the GDPR.
While the nature of the business does not require the appointment of a Data Protection Officer, the Board of Directors has tasked a cross-functional committee, headed by the Group Accountant, with ensuring that we comply with the GDPR and that, in areas where we are non-compliant, measures will be introduced to deliver compliance with the GDPR.
Our preparations for the introduction of the GDPR are as follows:
- Training – Our GDPR committee has received specific training in this area as a starting point. This has allowed us to develop a plan whereby we can broaden the training throughout the business.
- Identification – We have identified the data that we need to hold to complete our processes. The majority of our processes require that we raise and issue invoices to individuals and companies. The data required to achieve this, typically name and address, is essential. We may hold information relating to bank accounts or payment cards. These will be maintained in a secure environment and we will review all these platforms on a regular basis to ensure that their integrity is maintained.
- Erasure of data – We will remove personal data from our systems should it be considered redundant and of no use. We will need to comply with any requirements under the HMRC legislation.
- Data Disclosure and Release – We will never release information to third parties for marketing activities without your consent. It may sometimes be necessary to transfer your data to third parties, including those overseas, in order to maintain legal and regulatory compliance, or to recover amounts due to the company via a specialist debt collection agency.
Should you require any further information on our approach to GDPR, please contact Shaun Salmon on 01279 810 122 or firstname.lastname@example.org