“The Peninsula Group has long been committed to keeping our clients’ data private and secure. We want to reinforce this commitment as we move towards compliance with the GDPR.” Alan Price – Group Operations Director.
The GDPR (General Data Protection Regulation) is the most important development of Data Protection Law for decades. It will strengthen and ultimately replace the existing Data Protection Act (1998) and is designed to protect the personal data and privacy of citizens across Europe. GDPR will not be affected by the UK’s exit from the EU and the Regulation comes fully into effect on 25 May 2018.
What is the Peninsula Group doing to prepare for GDPR?
The Peninsula Group is committed to achieving compliance with GDPR prior to the implementation of the Regulation in May 2018.
We are taking many steps across the entire business to ensure we will be ready for GDPR. We are identifying what personal data we hold for our customers, why we hold it, where it is stored and for how long. We are already compliant with the Data Protection Act and our compliance with GDPR will build on this foundation.
Here’s an overview of our GDPR Roadmap and progress so far:
- Board approval and support from the whole business to undertake this important work – COMPLETE
- Thorough audit of all areas of our business, products and services which are likely to be impacted by GDPR – COMPLETE
- Identify all systems and locations that hold personal data to ensure we know whether that data is held, why we hold it and for how long – COMPLETE
- Develop a strategy and requirements for how to address the areas impacted by GDPR – COMPLETE
- Implement the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR – IN PROGRESS
- Ensure that all members of the business are educated and informed about GDPR and the changes that will be required by our business – IN PROGRESS
- Test all of our changes thoroughly to verify and validate compliance with GDPR – IN PROGRESS
- Finalise and communicate our full compliance prior to the deadline – TO BE ANNOUNCED PRIOR TO 25th May 2018
We are currently reviewing our data security, privacy policies and processes to ensure that we are not only compliant but go further to ensure that your data is safe with us. Based on the research conducted both internally and externally, we are confident the measures we have introduced will meet the requirements of GDPR.
What do Peninsula customers need to do?
While Peninsula is responsible for GDPR compliance to keep your data safe and secure, you too have certain responsibilities to your employees as part of the new legislation.
Here are a few practical tips:
- Make sure people in your business know that the law is changing.
- Create a register of the personal information you hold, where it came from, and who you share it with.
- Review the current privacy notices for the data you store and prepare to change them for GDPR.
- Get consent to store, manage, maintain and use personal data or consider what other rights you may have to process personal data.
- Check that you can honour the rights of individuals. If someone asks for their data, you should be able to give them it in a secure, standard format.
- If someone asks you to remove their data, make sure you can prove you’ve done so.
For more information about what The Peninsula Group can do to help in terms of GDPR consultancy, preparation and training for your business and employees, please contact us: email@example.com or call 0800 028 2420