GDPR Assurance Statement
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018, extending the privacy rights granted to EU individuals. This legislation will be included in UK law regardless of the decision to leave the EU. The GDPR will place many new obligations upon organisations that process EU personal data.
Professional Financial Centre (East Midlands) Limited is committed to compliance with all applicable GDPR obligations as both a Data Controller and a Data Processor. As a company we consider ensuring the privacy of individuals to be of utmost importance, and aim at all times to uphold high standards of security and compliance. Here we outline the measures we have put in place to ensure that these standards continue with the introduction of GDPR.
GOVERNANCE & PROCESSES
Professional Financial Centre (East Midlands) Limited has taken the opportunity provided by the introduction of the GDPR to perform a full review of our current processes relating to compliance and governance. We are pleased to report that our company has a robust and thorough compliance structure, which has only been strengthened by the new obligations arising from the GDPR. Internal policies have been updated to reflect these obligations, privacy statements have been produced, and we continue to invest in and train our staff to be the very best that they can be. Most importantly, we believe wholeheartedly in a Privacy By Design attitude, and this has been embedded into all of our processes to ensure that data privacy is of paramount importance.
We are in the midst of ensuring that all contracts between Professional Financial Centre (East Midlands) Limited and third party data processors contain correct and appropriate contractual terms that support the GDPR principles. We are confident that Professional Financial Centre (East Midlands) Limited will be fully compliant with GDPR by 25 May 2018.
Professional Financial Centre (East Midlands) Limited continually seeks to protect the personal data that we process. Our current security measures are maintained and reviewed on an ongoing basis in order to highlight any areas for improvement. Whilst we currently utilise appropriate technical and organisational security measures to protect against loss, accidental or unlawful destruction, misuse, or unauthorised disclosure or access of personal data, further measures have been put in place through our GDPR review, and we are satisfied that our data security is of an extremely high quality.
DATA SUBJECT RIGHTS
Professional Financial Centre (East Midlands) Limited will comply with and support all rights afforded to individuals under the GDPR where this is possible. Not only are these rights highlighted to individuals as part of our Privacy Notices, but we are committed to working with individuals in order to meet these rights. The handling of Data Subject Access Requests and Data Portability Requests is subject to specific procedures, and our data retention periods are clearly explained. Where we provide advice regulated by the Financial Conduct Authority we are obligated to retain data indefinitely.
Professional Financial Centre (East Midlands) Limited will abide by its obligations under the GDPR with regard to data breaches. Where we act as the data controller, we will, if relevant, inform the ICO and/or the data subject within the appropriate timeframes. Where we act as the data processor, we will notify the data controller without delay, including full details of the breach alongside proposed and imposed measures taken to limit harmful effects.
A data processor can be an organisation or a third party provider who processes data on behalf of another organisation. Where Professional Financial Centre (East Midlands) Limited appoints data processors we are working with our providers/suppliers to ensure that the data in question is processed as per the GDPR's requirements by way of appropriate contractual terms. Where we act as a data processor we shall continue to strive to maintain and continuously improve our security measures in order to maintain data privacy and ensure compliance with GDPR.
As ever, Professional Financial Centre (East Midlands) Limited is committed to providing excellent service by way of investing in our people. Training is an important ethos that we hold as a company, and we ensure that each member of our team has up-to-date working knowledge of data protection law at any point. GDPR training has therefore been provided to our employees, as well as full exposure to the new obligations and processes. Data security and protection are discussed regularly, and privacy of our clients is paramount to each team member.
DATA PROTECTION OFFICER
To highlight our commitment to abiding by GDPR and ensuring data protection at all points, Professional Financial Centre (East Midlands) Limited has a designated Data Protection Officer. Our Data Protection Officer holds full responsibility for all matters relating to data protection and GDPR compliance. They will monitor compliance, ensure accountability and transparency, and be the main point of contact for any individual or organisation seeking to discuss data protection.
Professional Financial Centre (East Midlands) Limited will ensure full compliance with all aspects of GDPR at every step. We are prepared to continually improve upon any and all policies from 25 May 2018 onwards, and commit to holding the privacy of the data we control and process to the very highest standards.
Should you have any questions or wish to discuss any aspect of this Assurance Statement further, please contact our Data Protection Officer Halina Johnson at firstname.lastname@example.org.