Personal Data Processing Policy (GDPR)
Terms and Definitions
- “staff” and “users” means all of those who work under our control, including employees, contractors, interns etc.
- “we” and “us” refer to PersonoHR.
Overview
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU) and will be enforceable from May 25, 2018 and requires no enabling legislation so automatically becomes binding and applicable on that date.
The General Data Protection Regulation (GDPR). The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects. The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
PersonoHR places high importance on information security and within our organisation we already comply with an ISO standard that focus on information data security including ISO 27001.
PersonoHR are:
- Processors for our hosted client data.
- Controllers of our client and supplier contact information, required to; manage & deliver services under contract; manage customer requests & incidents.
- Controllers for personnel information in relation to PersonoHR employees
Our Approach
During our journey to GDPR compliance PersonoHR has been and is continuing to work very closely with a consultant to ensure we have the expertise required to implement the legislation requirements accurately and comprehensively.
PersonoHR view GDPR as a constant programme that will require continuous monitoring, management and improvement.
Actions Taken
- Information Audit – We carry out audits of information previously held and ensured that it is compliant with the new regulations.
- Policies and Procedures – We have revised data protection policies and procedures to meet the requirements and standards of the GDPR and ISO 27001.
- GDPR training and awareness – Internal staff briefings and training have been carried out and senior management are aware of their responsibilities.
- Supplier and Partners – Where required, GDPR supplier agreements are completed to ensure that our third party and suppliers are complying with GDPR.
- Technology Reviews- We are reviewing our technology platforms to analyse their operation, security compliance in order to ensure that they meet the standards we have laid down and identify any gaps and risk.
Breaches of policy
PersonoHR will take all necessary measures to remedy any breach of this policy including the use of our disciplinary or contractual processes where appropriate.