Statement from Jones & Co (Nottingham) Ltd regarding compliance with the General Data Protection Regulation (GDPR).
As a company we are aware of our responsibilities under GDPR and have prepared the following self-declaration to demonstrate what actions we have taken towards compliance.
- Reviewed our Data Protection Policy to ensure we do not retain any data for longer than is appropriate and legally required.
- Removed all pre-filled tick boxes for “opt in” consent from our website.
- Amended our internal processes and procedures to establish who has access to what data within our company and how long it is retained, in order to minimize handling of sensitive personal data.
- Worked at Director level to ensure we maintain GDPR compliance.
- Trained all our staff to understand GDPR and the key concepts of Privacy Impact Assessments, Privacy by Design, Transparency, Consent, Subject Access Requests and Responding to Data Breaches.
- Created a system for dealing with any Subject Access Requests that individuals may make related to the data we hold about them.
- Established formal contracts to ensure that all suppliers we use who handle data about our company are aware of their responsibilities under GDPR and comply as Data Processors.
- Established a process for undertaking regular Internal Audits that will include checking GDPR compliance.