The General Data Protection Regulation (GDPR) is the most recent legislation being enacted to protect personal information and how it is used. The GDPR will be enforced from 25 May 2018.

Introduced to keep pace with the modern digital landscape, the GDPR is more extensive in scope and application than the current Data Protection Act (“DPA”). The Regulation extends the data rights of individuals and requires organisations to develop clear policies and procedures to protect personal data and adopt appropriate technical and organisational measures.

The GDPR is principally concerned with the storage and processing of Personal Data. Personal Data can include such things as Name, Address and Telephone Number. As a supplier to FSG, it is likely that we hold such personal data relating to you and/or your employees. In order to continue to hold and use such information, FSG is required to obtain your consent to do so.

Specifically in regard to our websites, any information submitted via the contact forms will not be passed on to any third parties and will be used only to contact the customers or individuals about the subject they contacted us about, for example enquiries and vacancies.

Statement

FSG adheres strictly to the Data Protection Act. We are now working towards full adherence to the new GDPR which comes into force on 25th May 2018.

The General Data Protection Regulation (GDPR) will replace the current Data Protection Act (DPA) governing the processing of personal data. FSG is working hard to ensure that it is fully prepared for these changes when they come into effect and will be documenting the progress along the way through our GDPR statement.

A lot of the concepts and principles will remain the same as those stated in the Data Protection Act but with more emphasis on accountability and how businesses are demonstrating compliance. GDPR still applies to personal data but there is a lot more detail included. The details make it clear that personal data can be something that indicates location such as an IP address.

The GDPR applies to both electronic systems storing and holding personal data and to manual filing systems where personal data is accessible. This is wider than the scope of the Data Protection Act and includes chronologically ordered sets of manual records containing personal data.

The GDPR refers to sensitive personal data as “special categories of personal data”. These special categories mirror those included in the DPA with some minor changes; they specifically include data used to identify an individual, such as genetic and biometric data.

Unlike the DPA, the GDPR applies to both controllers and processors of data. The definitions mostly remain the same with the controller saying how and why data is used and the processor acting on behalf of the controller.

At times FSG acts as both the controller and the processor. Where we are the controller, we will document who is the processor, and where we are the processor, we will document who is the controller.

Our software is risk-managed through the use of strong passwords. All of our systems, including both customer and supplier systems, operate on a needs-only access basis, which is controlled by a small central team.

In order to achieve full compliance, we have:

A programme of data audits underway to ensure we fully adhere to the new regulations.

Undertaken a review of policies and procedures and are in the process of amending these to ensure they are compliant.

Reviewed colleague training and are in the process of amending this and rolling out to relevant colleagues.

Reviewed software requirements and are working with those suppliers where amendments are necessary to ensure compliance.