GDPR Policy Statement - Preparation
22/05/18
Comice Computing Associates Limited and Comice Limited already have a consistent level of data protection and security across our organisation; however, it is our aim to be fully compliant with the GDPR by 25th May 2018.
Our GDPR Statement includes: -
• Information Audit - All information stored within the company is used for processing, basic accounting functions of invoicing, payment purposes and in the running of payroll. We do not disclose this information to any other parties.
• Policies & Procedures - [revising/implementing new] data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including: -
o Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
o Data Retention & Erasure – we have updated our retention policy and schedule to ensure that, should we handle data, we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We no longer process our clients' data on-site and all work on clients' information is carried out on-site under their security provisions.
o Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. We have renewed our communications equipment – routers and firewalls – to secure all our internal networks. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
• Direct Marketing – we do not utilize any form of direct marketing.
• Data Protection Impact Assessments (DPIA) – we do not consider we process personal information that is considered high risk for any organization or persons.
• Processor Agreements – we do not use any third-party to process personal information on our behalf.