Issued: June 2018
The General Data Protection Regulation 2016 (‘GDPR’) was brought into UK law as part of the Data Protection Act 2018 and became effective on 25th May 2018. The purpose of the GDPR is to protect the “rights and freedoms” of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge and, wherever possible, that it is processed with their consent.
The GDPR applies to the processing of personal data wholly or partly by automated means (i.e. by computer) AND to the processing other than by automated means of personal data (i.e. paper records) that form part of a filing system or are intended to form part of a filing system.
We are committed to compliance with all United Kingdom and relevant EU and Member State laws in respect of personal data, and the protection of the rights and freedoms of individuals whose information we collect and process in accordance with the General Data Protection Regulation (GDPR). Ongoing compliance is embedded into the fabric of our organisation.
Our Current Position
One Team Logic is registered with the UK Information Commissioner’s Office both as a Data Processor for our customers’ data and as a Data Controller for our own company’s data.
We have already been awarded two specific accreditations for information management, the first of which is ISO27001:2013, the latest version of this internationally recognised information security standard. ISO27001 requires us to comply with 114 individual controls covering every aspect of information management and security.
We also hold the UK Government’s ‘Cyber Essentials Plus’ certification, against which we are independently audited on an annual basis. Part of this audit involves external penetration testing of our own network and systems to prove that data is held securely.
As a result of our own assessment and the independent inspections that we have undergone we are confident that our systems and operations are fully compliant with current Data Protection Act legislation and that we are already compliant with the GDPR.
How we ensured compliance
To ensure that we are fully GDPR compliant well in advance of the ‘go live’ date of 25th May 2018 we undertook a comprehensive, structured programme of work including:
- A GDPR gap analysis on all of our policies, procedures, work instructions and records;
- A formal review of how GDPR impacts on all of our products and services;
- Implementation of a GDPR Compliance Framework;
- An assessment of the potential impact of GDPR on our customers;
- Gaining confirmation from our suppliers regarding their commitment to GDPR;
- Review of our processes, procedures and contracts by a qualified solicitor with expertise in data protection legislation;
- A training and development programme for every member of our team.
Need more information?
Our Senior Information Risk Officer (SIRO) is Darryl Morton, our Director of Operations and Security. Darryl has Board-level responsibility for all of our security and data protection arrangements. He is supported by a full-time Systems Administrator and Data Protection Officer who has direct responsibility for ensuring that we comply with the GDPR.
For further information please contact us at firstname.lastname@example.org.