The GDPR (General Data Protection Regulation) is the most important development of Data Protection Law for decades. It strengthened and ultimately replaced the existing Data Protection Act (1998) and is designed to protect the personal data and privacy of citizens across Europe. GDPR will not be affected by the UK’s exit from the EU and the Regulation came into effect on 25 May 2018.
What WoodWhite did to prepare for GDPR?
WoodWhite is committed to achieving compliance with GDPR prior to the implementation of the Regulation in May 2018.
We took many steps across the entire business to ensure we were ready for GDPR. We identified what personal data we held for our customers, why we held it, where it is stored and for how long. We were already compliant with the Data Protection Act and our compliance with GDPR was build on this foundation.
Here’s an overview of our GDPR Roadmap:
- Appointment of Data Protection Officer and formation of steering committee to organise support to undertake this important work – COMPLETE
- Thorough audit of all areas of our business, products and services which are likely to be impacted by GDPR – COMPLETE
- Identify all systems and locations that hold personal data to ensure we know whether that data is held, why we hold it and for how long – COMPLETE
- Develop a strategy and requirements for how to address the areas impacted by GDPR – COMPLETE
- Implement the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR – COMPLETE
- Ensure that all members of the business are educated and informed about GDPR and the changes that will be required by our business – COMPLETE
- Test all our changes thoroughly to verify and validate compliance with GDPR – COMPLETE
- Finalise and communicate our full compliance prior to the deadline – COMPLETE
We reviewed our data security, privacy policies and processes to ensure that we are not only compliant but go further to ensure that your data is safe with us. Based on the research conducted both internally and externally, we are confident the measures we have introduced will meet the requirements of GDPR.
What do WoodWhite customers need to do?
While WoodWhite is responsible for GDPR compliance to keep your data safe and secure, you too have certain responsibilities to your employees as part of the new legislation.
Here are a few practical tips:
- Make sure people in your business know that the law has changed.
- Create a register of the personal information you hold, where it came from, and who you share it with.
- Review the current privacy notices for the data you store and prepare to change them for GDPR.
- Get consent to store, manage, maintain and use personal data or consider what other rights you may have to process personal data.
- Check that you can honour the rights of individuals. If someone asks for their data, you should be able to give them it in a secure, standard format.
- If someone asks you to remove their data, make sure you can prove you’ve done so.
For more information about what WoodWhite can do to help in terms of GDPR consultancy, preparation and training for your business and employees, please contact us: email@example.com or call 0118 997 7100