Everyone is getting ready for the General Data Protection Regulations (GDPR) which come into force on the 25th May 2018. This European directive has been put in place to stop data being exploited and to protect the rights of data subjects.
We have been working hard to update our policies and procedures and we are ready and fully compliant with GDPR.
- Established a Data Protection Team in the organisation who have been involved in reviewing our processes to ensure we are compliant. This team includes me - the managing director - and managers from the finance, marketing, IT and development teams.
- Audited our processes to help us to understand where changes were needed for compliance.
- Updated and expanded our data protection policy and added policies for subject access requests, incident response and breach notifications to ensure compliance.
- Documented and recorded all of these compliance measures.
- Trained all of our staff to ensure they are aware of the policy changes and how that impacts their role.