GDPR and Cadwyn
If you haven’t heard about GDPR, the General Data Protection Regulation, then you’ve probably been living under a rock. I’m sure that, just like us, you have had oodles of emails about privacy notices and updating your marketing preferences!
GDPR came into force in all its glory on Friday 25th May 2018. It is the biggest shake-up of data protection in 20 years, and over those 20 years the way personal information is stored, handled, shared and processed has completely changed!
We are a digital society, potentially sharing personal information across many social media channels and many of us have a smart device close to hand at all times. These social media sites and devices use sophisticated software and intelligence to capture (and store) the information we share. Just think about how you can use your finger print or face to open your phone, or the next time you pay for something using Apple Pay.
Cadwyn must comply with the new GDPR regulation. As a business, we process and store personal and sensitive information; it’s just the nature of our business. But what we do with this information and what happens to it is where our attention has been focused. Over the last year, we have undertaken a mapping exercise on all of the personal and sensitive information we hold. We looked at how it flows through the business, who it’s shared with, how long we hold it for and how it’s disposed of. Fun!
The results of this are detailed and complex (good bedtime reading), but here is a summary to give you assurance that we are treating your information as if it were our own:
- We are registered with the Information Commissioner’s Office (ICO), the UK’s independent authority set up to uphold information rights for individuals.
- All staff are undergoing GDPR and Data Protection training. This new knowledge will ensure compliance, and annual refresher courses will be undertaken by everyone – and we mean everyone!
- We have fully reviewed and updated our Data Protection Policy for GDPR compliance. We have made the changes needed to meet the required standards and principles, and we always put the data subject’s rights at the heart of it to ensure safeguarding.
- We are confident that all our information processing is lawful – basically, we only keep it and share it if we have to.
- We keep data collection to a minimum and only use it as you would reasonably expect.
- We delete it when we are supposed to. Bye bye data!
- All data processing is protected against security breaches and unauthorised access through a range of technical controls.
- We have ongoing data governance; this requires periodic review and is overseen by our Data Protection Officer.
- Privacy notices will be provided to all data subjects, setting out their rights and how to exercise them.
- You will only receive direct marketing if you have consented to it or requested it.
- We ensure that all third parties we work with are GDPR compliant and have data sharing agreements in place.
- Any personal data breach is reported to the ICO for investigation.
But it’s not as scary as it might seem. For any business that is already complying with data protection laws – that’s us – the new GDPR regulation is only an incremental step; we were doing most of this stuff anyway.
As Elizabeth Denham, the UK’s information commissioner, who is in charge of data protection enforcement, commented
As a last note, if any of this doesn’t make sense or you want more information, get in touch with us via firstname.lastname@example.org.
Leynie is PA to the Chief Executive.