15th February 2018
As many of you are aware, we face a piece of legislation that will be operational with effect from 25th May, 2018.
We wanted to take this opportunity to advise you of the steps that have taken place and are taking place in P+S to ensure we are working towards the introduction of GDPR.
GDPR means the General Data Protection Regulation and was approved by the EU Parliament in April 2016. Although we are leaving the EU, the UK has adopted this directive and it will become UK law in May 2018.
So, what does this mean and how will it affect us as a business?
From October last year we have gone through some rigorous “self-assessment” and are continuing to review, streamline, change, and amend our policies and procedures. We’ve looked at how we operate, the implications of handling people’s data, why we hold it, how long we hold it for and how we can adapt our processes to respect, value and protect people’s identity.
We have implemented a new CRM system into the business. All the staff have been trained on the system and we hold a super user who will oversee the CRM and take us to another level in terms of our processes and compliance.
We have also embarked on applying for our ISO accreditation at the same time, ensuring our systems are robust and documented.
From January this year our DPO (Data Protection Officer) and I have been on many webinars and conferences regarding GDPR and the effects it has for us as a business.
Our progress so far consists of the following:
1. A promise to be responsible with people’s sensitive information. Devising a company policy and internal procedures.
2. We are in regular contact with our suppliers to ensure that they too have adopted changes to uphold the GDPR; this will be reviewed on an ongoing basis.
3. Our current database is in overhaul. All candidates are being contacted now to opt in or opt out of our services.
4. Candidates will be informed why we are holding their information, how long for and what we will do with it.
5. Candidates also have the option to leave our services at any time and this process is just as easy.
6. Data will be held for an agreed period and on the new system this will “flag up” and ensure that we are only working on data that is current, specific and within a timely manner.
7. GDPR is a subject of great importance to the board of Directors at P+S and will be part of the board meetings moving forward.
8. We are conducting weekly random audits with our staff and constantly monitoring and reviewing our processors.
9. The process of evaluation, monitoring and assessing will not stop within the business and we accept that we must constantly work hard to ensure we remain compliant always.
We wanted to advise that we are working hard now to ensure that procedures are in place asap and we are not waiting until May to make the changes to our business.