The EU's new General Data Protection Regulation (GDPR) rules are coming into force imminently, and at Winns we have been hard at work to make sure that we are leading the way in data compliance.
In order to make sure that we are handling the data of our clients and employees correctly and in accordance to the new regulations, Winns has appointed a specialist GDPR compliance team – Deborah Henning and David Office.
Coming from backgrounds in compliance & employment law and IT respectively, Deborah and David's blend of skills has allowed them to learn from each other and work together in harmony to assess all of our data storing and handling processes.
“The coming GDPR rules are a bit of a watershed”, explains Deborah. “The day they become enforceable is the 25th of May 2018, and that's D-Day for us, we will be up and running with compliance by then.
“From the moment the new laws come in, the data subject's rights are enhanced and the fines for mishandling that data can be significant. Needless to say that's quite a scary prospect, so we are making sure that we get matters right from the off.”
In order to be appointed to the task of ensuring GDPR compliance, both Deborah and David were required to complete a training course facilitated by GCHQ, the Government Communications Headquarters. A rigorous assessment for sure, but one that demonstrates that our team meets the highest possible standards.
So, how did the team even begin to tackle the issue of GDPR Compliance?
“We've carried out an information audit to find out what data we've got,” elaborates David, “We've reviewed and enhanced our suite of processes, which has been a large task but one that's been enjoyable and entirely necessary.”
We are dealing with a lot of client data, so everyone needs to know how to use it mindfully, and in a way that protects the rights of the data subject.”
Of course, being GDPR compliant is about more than giving consent for personal data storage and controlling how it is managed, it's also about better safeguarding physical documentation. To that end, David and Deborah have also been taking efforts to ensure that all staff members are more conscious about how they use and look after documents that they are working with.
With the deadline for GDPR rapidly approaching, Deborah and David are already looking ahead to the next compliance issue, aiming to gain Cyber Essentials Plus and ISO 27001 accreditation later this year.
With a dedicated focus on compliance, Deborah and David are working hard to make sure Winns is as data-safe as possible, both now and in future.