GDPR Commitment Statement
Last Updated: 16 November 2020
The new EU General Data Protection Regulation (GDPR) came into force on the 25th of May 2018 (including in the UK regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data.
Simply put, data subjects will now have a greater say over what, how, why, where, and when their personal data is used, processed, or disposed of.
WHAT IS CHARMAINE BROWN DOING TO PREPARE FOR GDPR?
Charmaine Brown is committed to achieving compliance with GDPR and we are actively taking steps to ensure that we will be ready for GDPR.
Here is a summary of our progress so far:
Training and Awareness
We have board approval and support from the whole business to become compliant
We are educating all members of the business about GDPR and the changes that will be required by our business
We have conducted an information audit of all areas of our business and services which are likely to be impacted by GDPR
We have identified all systems and locations that hold personal data to ensure that we know why we hold it, how we obtained it, how we process it, how we share it and how long we will retain it for
We are reviewing our internal processes and procedures and will implement the changes required to achieve and maintain compliance with GDPR
We are revising our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it, and giving them clear, defined ways to consent to our processing it
We are implementing appropriate technical measures and appropriate controls to preserve data integrity and privacy
We are implementing appropriate procedures to ensure personal data breaches are detected, reported and investigated effectively
Supplier and Partner Relationships
Where relevant, we will be ensuring that our third-party suppliers are complying with GDPR
We are documenting our processing activities and will maintain records on our processing activities and our lawful basis for processing data
We are ensuring that our current systems will support the rights of individuals under GDPR, including the requirements around subject access requests