General Data Protection Regulation

We have made changes to ensure that we are compliant with the new General Data Protection Regulation (“GDPR”), that came into force on 25 May 2018.

We have appointed a Data Controller and Data Protection Officer and we are providing all the necessary in-house training to employees.

We have mapped our data processes and are making changes to ensure we are GDPR compliant, including:

• We are ensuring we have the correct lawful basis for the collection of personal data
• We are reviewing all our retention policies and amending where required to ensure they are appropriate
• We are enhancing our record-keeping practices to ensure we can demonstrate accountability for compliance
• We are making sure that any third parties that are storing or otherwise handling personal data on our behalf or to whom we transfer personal data have appropriate safeguards to ensure GDPR compliance. We are achieving this through (where appropriate) questionnaires, audits and enhanced contractual provisions or agreements
• We are making further improvements to our security policy to ensure all the data we store is as secure as possible

We are updating our current policies/documentation and processes and introducing new policies/documentation and processes, including:

• Website & Customer Privacy Notice, Privacy Notice for Suppliers & Privacy Notice for Consultants
• Terms & Conditions
• Data Protection Policy
• Data Map
• Third Party Data Processor Due Diligence Questionnaires
• Third Party Data Processing Agreements
• Retention Policy
• Individual Rights Policy & Data Subject Access Requests Procedures
• Privacy Impact Assessments
• Personal Data Breach Notification Policy
• Security Policy

The above information is provided for guidance only.  If you have any queries, please email hello@webby.design