GDPR aims to make data protection regulations:
- More relevant: Updating data protection standards to make them more suitable for today’s world.
- More comprehensive: Remedying some of the perceived deficiencies of the current Data Protection Directive.
- More unified: Achieving a better, more harmonised standard of data protection.
What does GDPR change?
GDPR means significant change, but it’s a great opportunity for companies to take stock of their current data processing activities and make sure they’re protecting customer data appropriately.
Demonstrable compliance: While many organisations already do the right thing when it comes to personal data, GDPR requires organisations to document and be able to show how they comply with data protection requirements. This means additional documentation of systems, processes, and procedures.
Enhanced rights: On top of existing rights, like the right to access and correct personal data held by an organisation, GDPR introduces new data protection rights for individuals such as the right to obtain and reuse personal data across different services, and the right of erasure.
Privacy by design: Organisations must implement technical and organisational measures to show they have considered and integrated data compliance measures into their data processing activities. This builds on the idea that privacy should be considered from the start of (and throughout) the systems and product design process.
What is Podfather doing about GDPR?
At Podfather, we take our responsibilities under GDPR seriously. To fully comply, Podfather shall:
- Keep all personal information (including employee information) secure, regardless of its format or category, or the process or activities which use it, to prevent accidental or unauthorised loss, theft, or breach.
- Maintain a full and accurate inventory of all personal data which is under its control.
- Provide regular data protection training to all personnel and third parties who are engaged in delivering any activity which involves the processing of personal data.
- Provide specific data protection training for those employees with specific GDPR responsibilities, including Senior Management and the organisation’s GDPR Lead.
- Ensure that all data processing activities are subject to full and accurate Data Protection Impact Assessments, and promptly act to remediate the findings of such assessments.
- Ensure that personal data processing activities are afforded suitable protection by conducting risk assessments of the physical, technical and personnel elements of the activity.
- Validate that personal data is afforded the protection which is documented within the Acceptable Use Policy and Access Control Policy.
- Only process personal data for legitimate business purposes.
- Ensure that all personal information is properly returned or effectively deleted or destroyed when it is no longer required.
- Implement a suitable mechanism and supporting records for recording data subject consent for the processing of their personal data and using these records as a reference point when deciding how personal data is to be processed.
- Clearly communicate to data subjects how their personal data is to be processed, where it is to be transferred to (if applicable), and their rights as data subjects.
- Ensure that third parties involved in personal data processing activities understand this Policy and related GDPR documentation and can evidence their own levels of GDPR compliance.
- Ensure that effective processes, technical controls and competent resources are in place to undertake, promptly and diligently, the tasks involved in delivering the rights of data subjects.
- Implement effective processes and monitoring controls to provide protection for personal data, and to detect any loss, theft or data breaches.
- Undertake to promptly report any actual or suspected data breaches to the Information Commissioner’s Office within the required timeframes, and to communicate the breach to affected data subjects.
- Willingly and fully co-operate with any investigations into data breaches as may be required by the Information Commissioner’s Office.
What is Podfather doing about PECR?
At Podfather, we take our responsibilities under PECR seriously. In addition to our GDPR commitment, Podfather shall do the following to fully comply with The Privacy and Electronic Communications (EC Directive) Regulations 2003:
- Adhere to the guidelines outlined in the ICO’s direct marketing checklist.
- Only send email communications to corporate email addresses.
- Ensure all marketing emails have an ‘opt out’ feature.
- Not email individuals who have specified they wish to opt out.
- Have email opt out at both company and individual employee level.
- Only cold call landline numbers shown on company websites.
- Only send relevant information to carefully selected contacts where there is a genuine legitimate business interest in us doing so.
Any questions related to the operation of this policy should be directed to the GDPR Lead. The GDPR Lead can be contacted using the email address: firstname.lastname@example.org