These regulations came into force on 25th May 2018. As a company we have been registered with the ICO for many years as part of our overall policy to handle individuals' data responsibly. The current regulatory legislation is the General Data Protection Regulations 2018. We view the security of data as our fundamental responsibility to all stakeholders, whether they are suppliers, employees, clients or any other individual or entity that we or our systems integrate with.
Our rigorous approach to the Data Privacy requirements means that we have already introduced many of the measures expected by the GDPR. While the nature of the business does not require the appointment of a Data Protection Officer, the Board of Directors has tasked a cross-functional committee, headed by the Finance Director, with ensuring that we comply with the GDPR and that, in areas where we are non-compliant, measures will be introduced to deliver compliance with the GDPR. Our compliance measures for the GDPR are as follows:
Training – Our GDPR committee has received specific training in this area as a starting point. This has allowed us to develop a plan whereby we can broaden the training throughout the business. All our Managers who handle Personal Data are GDPR Manager trained.
Identification – We have identified the data that we need to hold to complete our processes. The majority of our processes require that we raise and issue invoices to individuals and companies. The data required to achieve this, typically name and address, are essential. We may hold information relating to bank accounts or payment cards. These will be maintained in a secure environment and we will review all these platforms on a regular basis to ensure that the integrity is maintained.
CV Applications – All CVs submitted will be emailed automatically to the transport email, where a competent (GDPR) person will handle the information. All CVs are printed and filed in a lockable filing cabinet for review.
Erasure of data – We will remove personal data from our systems should it be considered redundant and of no use. We will need to comply with any requirements under the HMRC legislation.
Data Disclosure and Release – We will never release information to third parties for marketing activities without your consent. It may sometimes be necessary to transfer your data to third parties, including those overseas, in order to maintain legal and regulatory compliance, or to recover amounts due to the company via a specialist debt collection agency.
Should you require any further information on our approach to GDPR, please contact Duncan Graham on 01698 792211.