With the introduction of GDPR moving ever closer, our clients have not just been asking for help with ensuring their business is compliant; many also want to know the steps Gallagher are taking to comply with GDPR. This update is designed to give you an overview of the main activities we are carrying out to ensure compliance with the new regulations.
What is the GDPR?
GDPR is a major change to existing data protection law which comes into force in the UK on 25 May 2018. GDPR builds on the current laws, but sets more clearly defined requirements for companies that process personal data. It also offers enhanced rights to data subjects.
What are we doing to be compliant?
We have a dedicated project team (which is sponsored at board level) that has reviewed our current data protection practices against the new requirements coming into force in May. Over the coming months, we will be looking at our existing business processes and ways of working, including:
- Refreshed privacy notices, documentation and websites to ensure transparency about data processing
- Implementing explicit consent with regard to collecting sensitive data
- Development of processes to support the new rights for an individual who is the subject of personal data
- Development of processes to demonstrate that we are complying with data management requirements
- Development of processes to ensure we notify any data breaches to the individuals affected, as well as to regulators, within 72 hours
- Increased focus on operational due diligence and contractual provisions for third parties who handle personal data on our behalf
- Increased focus on our IT and technology systems regarding the protection of personal data
- Educating and informing our colleagues on the changes we’re making – this includes training.
We also have a dedicated Data Protection Office, which will continue to monitor our data protection obligations and compliance after 25 May 2018, when GDPR comes into effect.