Preparing for GDPR
Following on from our last GDPR update in January, with the looming May deadline, we wanted to give you more information on how we’re preparing for GDPR.
From 25 May 2018, individuals in the EU will have a greater say over what, how, why, where and when their personal data is used, processed and disposed of.
We have always respected our clients' and their payers' right to data privacy. In practice this means we do not collect or process users' personal information for any purpose other than delivering our services.
Our certification to the industry standards ISO 27001 (information security management) and ISO 22301 (business continuity management) reflects our commitment to data protection. We already have a strong Data Protection Policy, and we have updated it to make sure it meets GDPR requirements.
How we’re making sure we’re GDPR-ready
Our dedicated project team has also carried out the following activities:
- A new training programme is under way for all staff, to make sure they understand their responsibilities under data protection law and the nature and importance of personal data. This prepares them to respond to data subject requests and to prevent privacy breaches.
- The incident reporting process has been improved, so that staff know whether, when and how to escalate any incident that may involve personal data.
- Rapidata's Data Protection Policy now makes clear that a Privacy Impact Assessment (PIA; the GDPR calls this a Data Protection Impact Assessment, or DPIA) must be carried out before any new service that may affect personal data is launched, to minimise privacy risks.
- An extensive data map has been created showing how personal data flows through our different systems. We have also worked closely with our partners to make sure their procedures are GDPR-ready.
- Greater transparency about our activities, data management and security is now reflected in all client contracts.
Tips to consider when preparing for GDPR
Here are some of our suggestions you may want to keep in mind:
- Set up a data privacy team to manage GDPR activities
- Review your current security and privacy processes and, where applicable, your contracts with third parties to make sure they meet GDPR requirements.
- Identify what personal data (often referred to as Personally Identifiable Information, or PII) you are gathering
- Find out how this information is being processed, stored and deleted
- Evaluate the third parties to whom you disclose data
- Set up procedures for responding to data subjects who exercise their rights, and for data breach notification (under GDPR, notifiable breaches must be reported to the supervisory authority within 72 hours of becoming aware of them, where feasible)
- Conduct Privacy Impact Assessments (PIAs) for processing that is likely to present a high risk to individuals
- Make sure staff are aware of the regulation; staff awareness is key to meeting GDPR requirements.
If you would like any further information about our GDPR-readiness, please contact us on 01293 601 111 or firstname.lastname@example.org.