As you may be aware, on 25th May 2018, the General Data Protection Regulation (GDPR) comes into force. As a company, we already comply with the Data Protection Act (DPA).
Many of the GDPR concepts and principles are much the same as those of the DPA; however, we do recognise the differences between the two. Any new elements and significant enhancements are incorporated within our current procedures. We carry out Internal Audits and Risk Assessments on a regular basis as part of our ISO accreditation.
To be GDPR compliant, a company must explain to their customers:
What is GDPR?
The GDPR will replace the DPA on 25th May 2018. Essentially, the two regulations are very similar: both control the way in which all private data is collected, handled and processed, and both give individuals who have information about themselves stored within such systems the legal right to access their data if needed.
However, the difference with GDPR is that it gives individuals greater control over their personal data than before, regardless of what stage the information is currently at, whether it is stored within business systems, sent to third parties or processed. They will now be provided with a broader level of information on how their data is or will be stored and processed, and this must be presented and explained to them in a clear and understandable manner.
Awareness
All decision makers and key people within PGR are aware of the new law and, of course, the DPA. This includes Directors and Managers. Our staff have been trained (on external courses) to prepare for the GDPR.
What data do we hold?
The information that we store includes:
This information is vital to ensuring a smooth collection process. Customers provide us with this information via email or telephone; consent is given by the customer.
No further information is required from the customer.