By Stephen Donohue, Sales Director
With the GDPR virtually upon us, we thought it timely for an update on our journey. When we first became aware of the GDPR over 12 months ago, it would be fair to say that information seemed a little vague to begin with.
Thankfully, this has quickly gathered momentum and we can now find an abundance of information available. Now it is important to get the right guidance because there are many ‘experts’ in the field so we always recommend the ICO website as the official resource.
So back to Box-it North West and the GDPR, our first task was to identify how it affected us as a business. We are of course a service provider, and our business as a whole means we are both ‘controllers’ and ‘processors’ of data. So, we have a commitment to our staff as an employer and to our clients for whom we provide services, to ensure we are GDPR compliant.
As a group, Box-it identified ‘GDPR champions’ to ensure a point of contact within each regional office. (I am that person for Box-it North West!) A Data Protection Officer (DPO) was also assigned at our Box-it UK Head Office. Furthermore, we have approached all our clients informing them of what we have achieved, and what we intend to achieve on our GDPR journey. As part of this, we issued our clients with documents to ensure that all their contact details were up-to-date and correct.
We have also issued our suppliers with letters and questionnaires to ensure they are compliant; and have conducted GDPR training sessions with both our operations and office staff to ensure they understand its principles and importance. They, like all of us here, are of course ambassadors for Box-it North West.
Our clients have been issued with Box-it North West’s statement of GDPR compliance and we are pleased to say, that we recently completed ISO 270001 for which we are awaiting official certification. Our terms and conditions have been updated and issued to our clients.
Box-it North West has completed a pre-GDPR internal audit and produced an action report which identified the areas requiring attention to ensure compliance, which will assist us in building our ROPA (Record of Processing Activities).
Data Protection Policy
Data Retention Policy
Breach Management Process
Subject Access Request Process
In short, Box-it North West is all prepared for 25th May 2018 when the GDPR becomes legislation.Posted on: May 17th, 2018