On 25 May 2018, the European Commission enforced the General Data Protection Regulation (GDPR), affecting the way personal data is stored and managed.
What are we doing?
The Wilson Organisation is, and always has been, committed to protecting your privacy; we have always ensured full compliance with the existing Data Protection Act 1998 and maintained the highest level of cyber security. In light of the forthcoming changes in Regulation, during 2017 we initiated a full review to ensure our compliance prior to the implementation of the GDPR.
Our plan has been designed to ensure that our business processes, procedures and systems are regularly reviewed, documented and staff are trained on the requirements of the GDPR. This also forms part of our wider compliance structure.
The primary elements include:
- We have undertaken a data mapping exercise for the identification of all information assets, so we know what data we have, where it’s held, how we access it, the classification of the data, what data we share and how it moves between systems
- We have undertaken a review of technical security measures, encryption, access restrictions, physical access, breach notification procedures and regular testing of our security
- We have undertaken extensive due diligence of all our third-party suppliers and providers, including information on their compliance with the GDPR and their breach notification policy
- Our policies and procedures have been updated to address privacy, data protection and information security to address changes in regulation
- We have updated our training programme and increased awareness amongst our teams, so they are fully aware and compliant with our updated processes and procedures in relation to GDPR, information security, breach reporting and compliance
- We have been updating our contracts with third-party suppliers in light of the changes in regulation
- We have updated our data security incident and breach management plan, which we review on an ongoing basis, to incorporate the breach notification requirements that form part of the GDPR
- We always aim to achieve the highest standards of compliance and client satisfaction, so cyber security and data protection form part of our overall compliance programme
- We conduct ongoing internal compliance audits across all aspects of our business to make sure we’re doing the right thing and to identify areas for continuous improvement
- External consultants are appointed to independently review and audit our compliance with FCA regulations and other areas of the business, to ensure we maintain our service excellence and adopt best practice
Want to know more about the GDPR?
To read more about the changes you can visit the ICO website: ico.org.uk