GDPR

The GDPR, General Data Protection Regulation, is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union.

All of our policies and procedures adhere to the current data protection act (1998), and align to the GDPR which took effect on May 25th 2018.We are committed to high standards of information security, privacy and transparency. We comply with applicable GDPR regulations and our ongoing commitments include:

AWARENESS:

Briefing our board and staff so they are aware of the risks to the business and what needs to happen over the next 6 months to get GDPR effective.

SPONSORSHIP:

Appointed a Board sponsor who supports and oversees all internal GDPR work programs.

STAFFING:

Appointed a working group responsible for GDPR who meet weekly to discuss progress on agreed actions.

LEGAL OPINION:

Translated the GDPR into deliverables & functionalities so that Westcoast can align their compliance objectives, and mark progress against tasks as they are completed.

PERSONAL DATA DISCOVERY:

Conducting a Personally Identifiable Information (PII) location / format / security assessment across all data using departmental representatives.

PROGRAMME PREPAREDNESS:

Assessment of exposure & potential mitigations (Risk Based Approach).

POLICY GAP ANALYSIS:

Review and update of existing data protection policies, training, privacy notices etc.

TECHNICAL GAP ANALYSIS:

Where IT solutions can accelerate GDPR “effectiveness” acquiring & installing these IT solutions and services.

SECURITY CERTIFICATIONS & IMPROVEMENTS:

Continued commitment to security, tools and data protection across the business (we already have ISO:27001 and CyberEssentials PLUS certifications which emphasise our existing data security controls).

CUSTOMERS:

Aligning to our commitments as a Data Processor and adhering to all mandatory requirements set out under the GDPR.


Related Information