SchemeServe and the GDPR
Last modified: 27th February, 2018
We take our responsibilities under GDPR seriously. That’s why we have started on a programme to identify what changes we need to make to be compliant with the GDPR, and are working to get them done in time for May this year. Here is a quick summary of what we’ve done to date:
- We spent 2 days with a couple of lawyers that wrote the GDPR, to make sure we have it ‘from the horses mouth’.
- We conducted a comprehensive GDPR audit and gap assessment and built an internal plan to work towards compliance with GDPR by 25 May 2018.
- We have started internal education to get GDPR-focused training across key areas of our business.
- Our developers and security people are making the necessary changes/improvements to SchemeServe.
- We’re running a data-mapping exercise that tracks personal data throughout SchemeServe.
- We’re reviewing our key third-party supplier arrangements so we have the appropriate contractual protections in place to satisfy GDPR requirements.
- We’re fine tuning procedures to deal with some data subject rights, like subject access requests and the right to ask to be deleted.
- The offering of independent Data Protection impact assessments and Data Protection Officers to our customers
the main this we will be working on next are:
- Updating our customer facing policies to be GDPR compliant and publishing those ahead of the GDPR effective date.
- Sort out a GDPR compliant data retention policy.
- Update our data breach handling processes so they fall in line with whats needed for GDPR.
- Running some company wide, and customer facing data protection training relating to using SchemeServe.
- Extending our privacy by design ethos into customer facing tools