The General Data Protection Regulation (GDPR) comes into force on May 25 2018 and will supersede the current Data Protection Act. The GDPR provides new rules for companies surrounding handling, processing and retaining data about EU individuals (data subjects) as well as providing data subjects with enhanced privacy rights.
The new GDPR legislation will apply despite Brexit and will impact every organisation which holds or processes personal data. The regulation introduces new data protection responsibilities, including the need to demonstrate compliance.
Here at Ten10, we are dedicated to maintaining high standards of data protection and information security and have already been actively working towards becoming fully compliant in advance of GDPR being enforced. We also have an active ISO27001 accreditation project underway, which further demonstrates our commitment to GDPR and information security.
We will comply with all applicable GDPR regulations, whilst also working closely with our employees, clients, associates, suppliers and contractors to ensure we meet all contractual and legislative obligations for all processes, procedures and services.
GDPR project activity
- Detailed review and risk assessment of all suppliers, tools and technologies.
- A full review, re-write and update of our policies and procedures to help ensure that data is handled appropriately and is GDPR compliant.
- A review of all contracts held with third party suppliers and clients, to ensure that data is adequately protected and handled.
- Review and assessment of all our data collection, use, transfer, disclosure, and disposal policies and procedures for compliance with the GDPR.
- Implementation of a new compliance process.
- Under the GDPR, data subjects will have the right to access, correct, erase, object to, or restrict processing of their personal data. In order to manage this correctly, we have implemented new policies and procedures and improved existing ones, to help ensure that we respond appropriately to data subject requests. For more information please email: SAR@ten10.com
- Implementation of a data breach response procedure to help ensure that breaches are discovered, contained, and remediated, and that notice is provided to individuals and the appropriate authorities. For more information please email: email@example.com
- Website updates to ensure it is fully GDPR compliant, including updated Privacy Notices and a Cookie Collection Policy for complete compliance and transparency.
- Revising, re-writing and embedding our Data Protection Policy and external privacy notices.
- Planning of communication and training programmes for employees.
- Communicating with all our employees, clients, suppliers, contractors and contacts regarding GDPR and ensuring that all contractual documentation is fully compliant.
ISO27001 & GDPR
Ten10 is currently in the process of implementing a robust Information Security Management System (ISMS) in accordance with ISO27001. In order to ensure compliance, we will be implementing additional or augmented company-wide controls to meet GDPR requirements within our ISMS.
Led by our ISO Project Team, we are updating existing information security policies, processes and procedures that build upon our existing systems, as well as adding new ones where required.