We take our responsibilities under GDPR seriously. We have been working on a program to ensure that we will be ready for compliance with GDPR by 25 May 2018 this year. Here is a quick summary of what we’ve done to date:
- We conducted a comprehensive GDPR audit and gap assessment. Following the gap assessment, we created an internal roadmap to work towards compliance with GDPR by 25 May 2018
- We conducted a comprehensive data-mapping exercise that tracks personal data flows throughout our systems and services.
- We have engaged with all key third-party vendors to make sure we have the appropriate contractual protections in place that satisfy GDPR requirements
- We have put in place procedures to deal with data subject rights, like subject access requests and the right to request deletion
- We have developed internal policies which map out internal responsibilities for all tasks related to the policy
- We’ve updated our incident response procedures to bring them into line with GDPR
- We’ve implemented a training program for all staff to be aware of their responsibilities under GDPR
- We’ve implemented a data protection impact assessment procedure and integrated that into our system and product development
- We will be publishing our updated privacy notice by 25th May and this policy is written in plain language to be clearer, more concise and transparent about how we process personal data