About

As well as providing training and a GDPR Toolkit (details below), I also provide extended support to people who have attended training, bought the toolkit, or just need some friendly guidance. The GDPR Toolkit can be found at http://www.adaptconsultingcompany.com/gdprtoolkit/ and Jersey Business, who are supporting the GDPR Training, can be found at https://www.jerseybusiness.je/get-advice/it-office-systems/data-protection-small-business/

Monday, 5 February 2018

When should I write to the people who hold or process my data?


QUESTION

When should I write to the people who hold or process my data?

ANSWER

Now

Organisations are obliged to check that, where other people hold data for them (e.g. backups) or process it for them (e.g. payroll), the other person (the data processor) keeps it private, safe and secure.

This guidance is useful

See Page 19 “This is because Article 28.1 says that you must only use a processor that can provide sufficient guarantees in terms of its resources and expertise, to implement technical and organisational measures to comply with the GDPR and protect the rights of data subjects.”

Many organisations have a “standard sheet” that explains that they have all the latest technology and certifications and comply with GDPR. If they don’t, you might write a letter something like this…

Dear xxxxxx

At xxxxxxxx we are getting ready for the General Data Protection Regulation (GDPR).
We have recently been mapping the step-by-step processes as people arrive, stay and eventually leave, and looking at what data is held by whom, why, and how it is used. Understanding this helps set up the right roles, goals and controls to ensure that personal data is private, safe and secure.

We use your xxxxxxxxxxx system for processing xxxxxxxxxxxxxx

Can you summarise your policy, procedures and measures as regards Data Protection and Information Security? Do you have Cyber Essentials or Cyber Essentials-Plus? Or perhaps ISO 27001?

Does your contract cover Data Protection, and the data-processor arrangements as regards privacy, security and processes in relation to subject-access-requests or breach notifications?

I am keen to have something that I can refer to for GDPR Compliance.

Yours Sincerely

xxxx

NEED SUPPORT WITH GDPR?
   
Jersey Community Partnership and Association of Jersey Charities are looking to co-ordinate resources and suppliers, and there may be grant funding available.
Jersey Charities Q&A

Jersey Data Protection Association list of GDPR events

Data Protection Reform in the Channel Islands

CONTACT

TimHJRogers@AdaptConsultingCompany.Com
+447797762051 Skype: timhjrogers TimHJRogers@gmail.com


