Statement from James Erskine Ltd regarding compliance with the General Data Protection Regulation (GDPR).
As a company we are aware of our responsibilities under GDPR and have prepared the following self-declaration to demonstrate what actions we have taken towards compliance.
We have:
Updated our Privacy Policy, Terms and Conditions of Business and Cookie Policy on the website to show our actions are legal, transparent and in plain English.
Reviewed our Data Protection Policy to ensure we do not retain any data longer than is appropriate and a legal requirement.
Removed all pre-filled tick boxes for “opt in” consent from our website.
Amended our internal processes and procedures to establish who has access to what data within our company to minimize handling of sensitive personal data and how long it is retained for.
Worked at Director level to ensure we maintain GDPR compliance.
Trained all our staff to understand GDPR and the key concepts of Privacy Impact Assessments, Privacy by Design, Transparency, Consent, Subject Access Requests and Responding to Data Breaches.
Created a system for dealing with any Subject Access Requests that individuals may make related to the data we hold about them.
Established formal contracts that all suppliers we use who handle data about our company are aware of their responsibilities under GDPR and comply as Data Processors.
Established a process for undertaking regular Internal Audits that will include checking GDPR compliance.