Tangible will comply with applicable GDPR regulations as a data processor and controller when they take effect on 25th May 2018. In conjunction with our clients and partners, we are currently working through the requirements to understand how they will impact on our business.
Where do we stand?
We are committed to address EU data protection requirements applicable to us as a data processor and controller. These efforts have been critical in our ongoing preparations for the GDPR:
Data controller: We collect, store and manage Personal Data in an unbiased and secure way, and we only use it for purposes that we have informed subjects about and sought consent for, following the principles of Data protection by design and default.
Data processing: Our ability to fulfil our commitments as a data processor to our clients, the data controllers, is a part of our compliance with GDPR.
Where do you stand?
As a current/future client or partner of Tangible, now is a great time for you to begin preparing for the GDPR as a data controller or processor.
Consider these tips:
Get to know GDPR: Familiarise yourself with the provisions of the new regulation. Particularly, how it may differ from your current data protection obligations and consider the relationships you have with both your clients and partners. Be aware that new requirements may require new solutions that meet the stringent requirements ahead.
Audit your data and processes for data capture: Consider creating an updated and precise inventory of personal information that you control. Review your current controls and processes to ensure that they are adequate, and build a plan to address any gaps.
Here are some steps you can take today:
1. Review your processes
2. Review your process documentation
3. Ensure you have a lawful basis for processing the data
The ICO overview highlights the key themes of the General Data Protection Regulation (GDPR) to help organisations understand the new legal framework in the EU:
https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
What’s next?
We will continue to make additional required operational changes resulting from the new legislation and will keep our clients and partners informed throughout this process.