IT Champion GDPR Compliance Statement


Background and preparation for GDPR

The General Data Protection Regulation (GDPR) was adopted on the 14th April 2016 and, following a two-year transition period, becomes enforceable on the 25th May 2018.

GDPR of course is not the first piece of legislation produced by the EU to govern how organisations must manage data, with notable legislation in 1995 (EU Data Protection Directive (95/46/EC)), 1998 (Data Protection Act (UK DPA 1998) and the Human Rights Act (HRA 1998)) and 2000 (Charter of Fundamental Rights of the European Union). IT Champion is registered with the Information Commissioner's Office, registration number ZA095877.

IT Champion takes seriously its responsibilities under any regulation relating to Data Protection. It has been fully committed to understanding and complying with all historical data protection regulation, and has been preparing for GDPR following its announcement in 2016.

As with every organisation that handles personal data, the regulation does impact IT Champion.

Preparation for GDPR has meant a complete review of the systems, processes, procedures and documentation used. This has had a positive impact, with many of the changes implemented for GDPR adding value to other parts of the business.

GDPR Principles

1. Processed lawfully, fairly and in a transparent manner

2. Collected for specified, explicit and legitimate purposes

3. Adequate, relevant and limited to what is necessary

4. Accurate and, where necessary, kept up to date

5. Retained only for as long as necessary

6. Processed in an appropriate manner to maintain security

GDPR acknowledgement

IT Champion acknowledges that it is both a Data Controller and Data Processor of personal data and is fully committed to compliance with the regulation.

Further useful information can be found here:

https://www.it-champion.co.uk/legal

The actions taken so far for GDPR compliance are noted below.

  • We have reviewed and updated our policies including but not limited to our Information Security Policy, Privacy Policy, Data Breach Policy and Subject Access Requests.
  • We have undertaken a comprehensive data mapping of the personal data we store, manage, maintain, collect, control and process.
  • All third parties whose systems we use have been reviewed for their compliance with GDPR and their ongoing commitments in relation to the regulation.
  • We hold a valid Cyber Essentials certification (see below) and are committed to the annual review and renewal of this certification along with any enhancements this process delivers.
  • A Director of the company has completed professional training and been awarded the EU General Data Protection Regulation Foundations (GDPR F) certification to ensure detailed in-house knowledge is held.
  • We have updated our legal documentation to ensure compliance and where necessary, our clients will receive enhanced documentation.
  • We have implemented enhanced security procedures and solutions, and will continue to implement solutions as appropriate.
  • We have provided initial training to our team around GDPR and are committed to scheduled and ongoing training as the regulation evolves.

https://www.gasq.org/en/registration/expert/expert/D5C609C9-F0BD-40F5-9C1E-3AB65C57E027.html

https://ico.org.uk/ESDWebPages/Entry/ZA095877

 

Useful information around GDPR

ICO UK www.ico.org.uk

ICO GDPR Guidance & Information https://ico.org.uk/for-organisations/data-protection-reform/

ICO 12 step guide https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

ICO Security Breach Reporting https://ico.org.uk/for-organisations/report-a-breach/ 
