In 2017 we recruited a Data Protection Officer and undertook a data protection audit. We put in place a project to ensure that we are compliant with the GDPR by May 2018.
We are confident that we demonstrate our accountability and compliance. Our Data Protection policies and procedures have been reviewed and updated to reflect the changes required under GDPR.
Article 30 of the GDPR requires specific records to be kept of data processor activities. We have data inventories across all of our business areas to map what personal data we hold on behalf of data subjects, where it comes from, who we share it with and what we do with it. This provides us with the foundation of our GDPR compliance.
We have always promoted a positive culture of data protection and compliance. This has been improved through awareness and GDPR training for all staff.
The GDPR requires us to notify any security incident or breach and we have a process in place to achieve this.
The GDPR improves data subjects’ rights. We have a process in place to respond to all data subject requests for access to their information.
If you have any questions about GDPR, please contact our Data Protection Officer email@example.com