If you’ve been living on the moon for the last few months, you may not have heard of some very important new data protection legislation which is being introduced today (25th May 2018). The new legislation is the General Data Protection Regulations (GDPR).
The GDPR is a new Europe-wide law that replaces the current Data Protection Act, which is considered no longer fit for the digital age.
The new regulations place a far greater responsibility on companies in terms of how they use and store individuals’ personal data.
When the UK leaves the European Union next year, the Government has stated they will convert EU laws as they stand into UK domestic law. We therefore fully expect GDPR to remain in force post-Brexit.
Behind the scenes we’ve been working hard to ensure that Curchods and Burns & Webber are compliant with the new regulations.
Here is a summary of the steps we have taken towards becoming GDPR compliant:
- We commissioned a data protection audit to establish the gaps between our current procedures and what we need to put in place to become GDPR compliant.
- Next, we conducted an internal audit of all personal data that the company processes in order to identify what personal data is held and how it is processed, stored and retained.
- We have updated contracts, correspondence and induction procedures to meet the new regulations.
- We’ve installed secure waste disposal bins for every office to dispose of hard copy records containing personal information.
- We have taken steps to increase security on all company IT equipment and will be issuing regular updates to all staff.
- We have created a new Company Intranet site, which is now accessible to all staff as a place to find and refer to the updated policies.
- We have issued contractual Data Sharing Agreements to every business we pass personal data to or receive personal data from, to ensure they also meet their obligations under GDPR.
- At Head Office we installed increased security for employee records.
- We commissioned the design and build of a soon-to-be-released secure online portal that, once launched, will allow customers to manage their personal data and marketing preferences.
- We have issued training documentation to all staff on GDPR to guide them on how to help us remain compliant with the new regulations.
- We will be carrying out regular audits of all our branches and departments to provide ongoing training and monitor compliance.