We have put in place a comprehensive programme to understand and validate our use of personal data and to confirm the legal basis of our processing. This programme includes a full review of all data systems, associated processes and security controls.
Where appropriate, a data protection impact assessment approach, which is in line with the requirements and recommendations of the GDPR and relevant best practice, is being used.
Risk management is taking place at several levels within the organisation, including:
- Assessment of risks to the personal data we collect and process
- Regular information security risk assessments within specific operational areas
- Assessment of risk as part of the business change management process
- Assessment of risk at the project level as part of the management of significant change, including Data Protection Impact Assessments (DPIAs)
We are engaging all employees in data privacy training specifically tailored to the changes that the GDPR introduces, to ensure that all stakeholders in our business play their part in complying with the GDPR at all times and in delivering our information security objectives.
If you require any additional information regarding our programme or approach, please contact dataprotectionuk@SOCOTEC.com