Commitment to the General Data Protection Regulation (GDPR)
The European Union has taken a step in protecting the fundamental right to privacy
for every EU
resident with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
This is a privacy and data protection regulation that will be in force throughout the European Union (EU) and will be enforceable from May 25 2018. All EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed of. This rule clarifies how EU resident’s personal data laws are applied, internally within the EU and worldwide. Any organization that works with EU residents personal data in any manner, irrespective of location, has obligations to protect the data.
Hanson Creatives Ltd is aware of its role in providing the right procedures and security to support its members, customers and suppliers and help meet our GDPR obligations.
This new legislation supports and enhances the existing Data protection legislation and privacy as outlined in our . The present statement, policies and procedures are compliant with the 1995 EU Data Protection Directive (European Directive 95/46/EC).
To make Hanson Creatives Ltd compliant with our obligations under the General Data Protection Regulation we are taking the following steps as outlined in the ICO highlight document:
We have made sure that decision makers and key people within the company are aware that the law is changing to the GDPR and they all appreciate the impact that this is likely to have. We are undertaking training throughout the company on the GDPR and its impact on the policies, procedures, and responsibilities of our members.
Information that we hold
We document what personal data we hold, where it comes from and who we share it with. We have implemented an information audit.
Communicating privacy information
We are in the process of reviewing our current privacy notices and will be putting a plan in place for making any necessary changes in time for GDPR implementation.
We are checking our procedures to ensure they cover all the rights individuals have, including how we would delete personal data or provide data electronically and in a commonly used format.
Subject access requests
We are updating our procedures and planning how to handle requests for access within the new timescales and provide any additional information.
Lawful basis for processing personal data
We are identifying the lawful basis for our processing activity in the GDPR; we are documenting it and are updating our privacy notice to explain it.
We have reviewed how we seek, record and manage consent and are taking steps to implement the changes necessary.