This work led to us satisfying the British Standards Institute surveillance and retaining our ISO9001:2015 accreditation in January. The report concluded: “The organisation’s outstanding performance against its quality and compliance objectives is testament to an effective management system.”
The General Data Protection Regulation, or GDPR, consumes their time now and will do so until its launch on 25 May. Ema sits on the Credit Services Association’s working committee for GDPR and is well qualified to meet its obligations.
As you may know, GDPR sets out a range of principles for using and storing personal data:
– processing must be fair and lawful
– used only for one or more specified purposes
– adequate, relevant and not excessive
– accurate and, where necessary, kept up to date
– retained no longer than is necessary
– secure, to prevent unauthorised or unlawful processing, loss or destruction.
The Information Commissioner’s Office (ICO) champions Privacy by Design, which we adopt for all project plans, including GDPR. All projects begin with a Privacy Impact Assessment (PIA), a process that helps to anticipate and address the likely privacy impacts of projects, to foresee problems, develop solutions, and ensure we address concerns appropriately.
Conducting a PIA will assist in ensuring a new project is compliant and minimises privacy risk, an essential step in our journey to compliance with GDPR and the protection you demand.