GDPR Commitment Statement
Last Updated: 16 November 2020
The new EU General Data Protection Regulation (GDPR) came into force on the 25th of May 2018 (including in the UK regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data.
Simply put, data subjects will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed of.
WHAT IS CHARMAINE BROWN DOING TO PREPARE FOR GDPR?
Charmaine Brown is committed to achieving compliance with GDPR and we are actively taking steps to ensure that we will be ready for GDPR.
Here is a summary of our progress so far:
Training and Awareness
- We have board approval and support from the whole business to become compliant
- We are educating all members of the business about GDPR and the changes that will be required by our business
Data Audit
- We have conducted an information audit of all areas of our business and services which are likely to be impacted by GDPR
- We have identified all systems and locations that hold personal data to ensure that we know why we hold it, how we obtained it, how we process it, how we share it and how long we will retain it for
Policy Development
- We are reviewing our internal processes and procedures and will implement the changes required to achieve and maintain compliance with GDPR
- We are reviewing and updating our data-related policies, including our Privacy Policy, Cookies Policy, Data Retention Policy, Data Protection Policy and Information Security Policy
Consent
- We are revising our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it, and giving clear, defined ways to consent to us processing their information
Security Measures
- We are implementing appropriate technical measures and appropriate controls to preserve data integrity and privacy
- We are implementing appropriate procedures to ensure personal data breaches are detected, reported and investigated effectively
Supplier and Partner Relationships
- Where relevant, we will be ensuring that our third-party suppliers are complying with GDPR
Documentation
- We are documenting our processing activities and will maintain records on our processing activities and our lawful basis for processing data
Individual Rights
- We are ensuring that our current systems will support the rights of individuals under GDPR, including the requirements around subject access requests