Our GDPR Compliance Project

The General Data Protection Regulations is coming - are you ready?

Protecting our customers’ data is a high priority for us here at RLS Computer Services. With the General Data Protection Regulation (GDPR) coming into effect in May 2018, we see this as an opportunity to strengthen our commitment in the area of data security.

What is the GDPR?

In the UK, the Data Protection Act 1998 (DPA) is a law introduced to protect personal data stored on computers or in an organisation filing systems. Its purpose was to control the way information is handled and gave people “Data Subjects” legal rights over the purpose, lawfulness, accuracy, period and what information was held about them.

Since the birth of the DPA, technology has moved on dramatically. Social media, Internet presence, mobile technology and CCTV have all emerged and grown and the act is long overdue an overhaul.

Enter, The General Data Protection Regulation (GDPR), which comes into force 25 May 2018, the new law applies to data processing carried out by organisations operating within the European Union (EU), It also applies to organisations outside the EU that offer goods or services to individuals in the EU. The government has already decided that “Brexit”, will not affect the commencement of the new law, in fact we “may” also see introduced on the same day the UK’s Data Protection Bill, as the Data Protection Act 2018, effectively implementing the GDPR into UK law.

So simply put, GDPR, and the forthcoming Data Protection Act 2018, expand the privacy rights granted to data subjects (EU/EEA individuals) and place greater obligations on organisations who handle personal data of those individuals (data controllers and processors), wherever those organisations are based.

What we’re doing to comply with GDPR?

The task of compliance can be long and complex, so we have taken steps to make changes to our policies, procedures and systems to ensure that we comply with the Regulation and continue to put data protection first.

Some of the steps we have taken and are taking include:

  • mapping all data handled by us and our suppliers
  • analysing GDPR requirements against our current processes and policies
  • making changes to our policies and procedures in line with requirements
  • making appropriate changes to our software tools and services
  • making sure our suppliers (“Processors”) are also compliant
  • reviewing and updating contracts, as and where appropriate
  • training all staff on the requirements of GDPR and our data privacy procedures.

But be assured, Organisations must ensure that they are compliant with the provisions of the new regulations when it comes into force, however the requirement to be compliant doesn’t end on 25 May. While there are a tick list of things to be done, our approach is not only to become compliant, but also reach beyond and gain certification in cyber security which will in turn assure our customers of compliance with our implementation to “Privacy by design and default”. This means we will implement technical and organisational measures to provide customers assurance of our security standards .

We hope to have all our policies and procedures in place before the 25 May and will keep you posted on our developments.

Social Share Toolbar

One thought on “Our GDPR Compliance Project

  1. We have updated our Privacy Policy, which will go into effect on May 25, 2018. Please read our summary below:

    WHO ARE WE
    RLS Computer Services Ltd. trades under RLS Computer Services, RLS Computers and RLS and is a company registered in England with limited liability under number 08541079, whose registered office is at 30 Market Place, Swaffham, Norfolk, PE37 7QH. Our current ICO registration number is ZA006076.

    YOUR RIGHTS
    You have the right to be informed, have access, have a copy and make changes to your personal information. You can also object to us using your information, ask for it to be deleted or restrict information we use. You have the right to complain to us or the data protection regulator (ICO).
    HOW WE GATHER PERSONAL INFORMATION
    In addition to information you provide to us directly, we collect personal information in a few ways. For example, when you complete a feedback form. For safety and legal reasons, we also collect personal information by recording and monitoring calls and from CCTV. We also record calls for training and quality purposes.

    HOW WE USE PERSONAL INFORMATION
    We use your personal information to provide you products and services, to comply with a law and enforce our legal rights. Sometimes we use automated processes in our feedback and newsletters in profiling you.

    OUR PRODUCTS AND SERVICES
    We need some personal information before we can provide you with our products and services. For example, we need a valid email address to provide you access to our web portal and to communicate with you.

    SHARING AND TRANSFERRING PERSONAL INFORMATION
    We share some personal information with our suppliers and third parties where needed to provide you with the best products and services. sometimes, we also share information with regulators and law enforcement. In some cases, we transfer personal information to other counties outside of the UK where suitable protection is in place.

    KEEPING PERSONAL INFORMATION & SECURITY
    We keep your personal information securely and for only as long as we need to. We use many security measures including encryption, secure web access and ISO 27001 certified data centres.

    YOUR CONSENT
    Sometimes we need your consent to use your personal information. for example, for marketing purposes. Where you have given us consent, you have the right to withdraw it at any time.

    OUR PARTNERS
    We want to offer our customers the best products and services so work with other companies to offer just that. Where we need to share your personal information with them we will make sure they also comply with the new regulations.

Leave a Reply

Your email address will not be published. Required fields are marked *