The General Data Protection Regulation (GDPR) will govern all businesses in the UK on the 25th May 2018. This is a European regulation to ensure individuals' privacy and rights when data has been collated about them. The key pillars of GDPR are as follows:
- Individuals' privacy is respected, and processes and systems uphold this by design.
- Right for the individual to request that all data about them is deleted.
- Right to move the data from one data controller to another.
- Individual has control over their own data and how this data may be used.
- Transparency for data handlers: if a breach occurs then the data protection authority and the individuals affected are notified within 72 hours of breach discovery.
- Severe non-compliance fines for businesses who do not adhere to the Regulation.
What are we doing about this?
A full pre-GDPR audit has been carried out at Rydal Comms with the resulting actions being completed:
- Key compliance policies updated and shared with the team.
- GDPR and general IT Security training sessions scheduled for the team.
- Scoping of development of our internal CRM to allow for easy extraction of individuals' data in the event of a request and subsequent removal where applicable.
- Allocation of a dedicated internal officer.
Where is our data held?
No data processed or managed by Rydal Comms resides outside of the EU or is shared with 3rd parties (unless legal regulations or contracts with our customers dictate otherwise). Customer data that is held within the cloud is held on a dedicated server which is located in the United Kingdom. This is a 24/7 manned data centre.
Should we introduce you to third-party vendors and you decide to use their service, our GDPR policy doesn’t form any part of their compliance policy.
Rydal’s Data Protection Officer
To exercise your rights under the Data Protection Regulations, you may contact Rydal’s Data Protection Officer on all issues related to the processing of your data.