What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union.
All of Westcoast’s policies and procedures adhere to the current Data Protection Act (1998) and will align to the GDPR when it takes effect on May 25th 2018.
Westcoast are committed to high standards of information security, privacy and transparency; this includes complying with applicable GDPR regulations. Our ongoing preparations include:
- AWARENESS: We have briefed our board and staff so they are aware of the risks to the business and what needs to happen over the next several months to become GDPR effective.
- SPONSORSHIP: We have appointed a Board sponsor who supports and oversees all internal GDPR work programmes.
- STAFFING: We have appointed a working group responsible for GDPR who meet weekly to discuss progress on agreed actions.
- LEGAL OPINION: We have translated the GDPR into deliverables and functionalities so that Westcoast can align our compliance objectives, and mark progress against tasks as they are completed.
- PERSONAL DATA DISCOVERY: We are conducting a Personally Identifiable Information (PII) location / format / security assessment across all data using departmental representatives.
- PROGRAMME PREPAREDNESS: We are assessing exposure and potential mitigations (risk-based approach).
- POLICY GAP ANALYSIS: We are reviewing and updating our existing data protection policies, training, privacy notices etc. to be ready in time for the May 2018 deadline.
- TECHNICAL GAP ANALYSIS: We are determining where IT solutions can accelerate GDPR effectiveness, and acquiring and installing these IT solutions and services.
- SECURITY CERTIFICATIONS AND IMPROVEMENTS: We continue to be committed to security, tools and data protection across the business (and will achieve security certifications to emphasise our data security controls).
- CUSTOMERS: We are aligning our commitments as a Data Processor and adhering to all mandatory requirements set out under GDPR.
You can download the full GDPR statement here
If you have any questions or suggestions, please contact firstname.lastname@example.org