Here at Indigo Group we understand and respect the importance of protecting data and being at the forefront of the latest compliance responsibilities. It’s an opportunity to ensure a stronger level of data protection and privacy is implemented for the benefit of all.
We have compiled a short summary of what GDPR is and how we’re getting ready for the data protection reforms and keeping employees’ and clients’ personal information secure.
Data Protection Laws changed on 25 May 2018 and organisations needed to be ready for the General Data Protection Regulation (GDPR).
It is a new, European-wide law that replaces the Data Protection Act 1998. It places greater obligations on how organisations handle, store and share personal data.
A higher level of responsibility is placed upon data controllers (persons who are responsible purpose for which, and the manner in which, personal data is to proceed) under the new legislation, and as both a controller and processor of our users’ personal data, we are committed to data security and respecting rights under the GDPR.
The Indigo Group has been implementing organisational and technical measures since 2017 to ensure that we were GDPR compliant when the regulation became enforceable on May 25th.
We will be appointing a Data Protection Officer and a cross-functional GDPR group has already been established. All staff have received GDPR compliance education and training to improve their awareness and preparation, and a set of Company GDPR Procedures and Policies have been rolled out to stakeholders.
As per the requirements of GDPR, we have established processes for mapping all personal data (information held, where it came from and who we share it with), incorporating security, ensuring strictly limited data access and on-boarding external partners within a GDPR framework. Any new propositions and processes adopt ‘Privacy by Design’ principles and data protection impact assessments within our development cycle.
To further protect individual’s rights, we will easily facilitate any requests to access, delete, modify or transfer personal information whilst being explicit and transparent about the lawful basis for which we’re processing it. We’ve also updated our Privacy and Terms Statements along with our data breach policy to meet the new GDPR requirements.
If you have any questions, please contact us: firstname.lastname@example.org