Enhanced regulations to standardise data protection and protect an individual’s right to privacy, called General Data Protection Regulations (GDPR) have come into force. Applying to all businesses that process or store personal data, every organisation will have to have reviewed and implemented compliant processes, and we have been doing this and, where necessary, updating our procedures, processes, systems and documentation.
In keeping with GDPR principles, we will:
- Keep all personal data secure.
- Process all personal data fairly and lawfully.
- Will not keep personal data for longer than is necessary.
- Only process personal data for specified and lawful purposes.
- Endeavour to hold relevant and accurate personal data, and where practical, we will keep it up to date.
- Endeavour to ensure that personal data is not transferred to countries outside of the European Economic Area without adequate protection.
As part of this process:
We have reviewed our IT security procedures and solutions and will continue to do so.
We have undertaken data mapping of the personal data we store, manage maintain, collect, process and control.
We have updated our terms and conditions to reflect the requirements of GDPR.
We will be providing training to our employees and generally raise the awareness and importance of GDPR to our business.
We have a programme to ensure that our suppliers are compliant with the principles.
We will continually look at ways of improving our systems and procedures to better comply with GDPR.