Commitment to GDPR
- Commitment prepared by: John Moore, Managing Director
- Approved by Director on: 22 December 2017
- Next review date: 22 December 2018
The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty years. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
Exponential Training will comply with applicable GDPR regulations when they take effect on 25th May 2018. Working in conjunction with our clients, we will explore opportunities within our service offerings to assist our customers to meet their GDPR obligations.
What Are We Doing to Ensure Compliance?
At Exponential Training, we are committed to protecting and respecting the privacy of individuals and take our obligations under data protection legislation seriously. We already manage personal data in accordance with industry standards. We understand and welcome the high standards that GDPR will promote and encourage across all organisations that process personal data.
To ensure our readiness for GDPR, we have in place a project team, which carried out a gap analysis assessment that helped us to identify the following key priorities:
- Modify and fine-tune our existing management systems, processes and policies to ensure that we are GDPR-compliant.
- Ensure that our employees and associates are fully aware of the new obligations that GDPR will introduce and ensure that there is accountability and shared responsibility for ensuring compliance, from Board level and throughout the Company.
- We understand the importance of good data practices to our customers and are on hand to support our customers through their GDPR-readiness journeys.
Some of the specific initiatives that we are currently progressing include:
- Data Review – An extensive review of all personal data we hold, as we prepare a detailed data roadmap which outlines where this data is held, why we hold it and for how long.
- Process Updates – Updates to our existing procedures to ensure we have the tools to maintain compliance with GDPR. This includes the review of our existing policies such as our data security and incident response plans.
- Improved Subject Access – Updates to our existing subject access request processes to ensure that it is easier and quicker for data subjects to exercise their rights.
- Review of consents – Review of our existing marketing practices, and associated consents, to ensure that these are transparent, fair and GDPR-ready.