We now comply with GDPR.

From May 2018

From 25th May 2018, the new General Data Protection Regulation (GDPR) will come into force and replace the Data Protection Act 1998.

The general gist of GDPR is to give people more control over how organisations use their data, in conjunction with hefty fines for companies that fail to comply with the rules or suffer data breaches.

Article 4 of GDPR identifies the different roles that will be apparent within organisations:

Controller – “means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”

Processor – “means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”

It is the responsibility of the Controller and/or Processor to demonstrate compliance with Article 5 of the regulations and the six principles which outline that the processing of data shall be:

HOW IT WORKS

How have we addressed the GDPR rules?

Like most companies, we are on-board with the challenge of being GDPR ready, well before the 25th May. Orbital will be mainly considered a ‘processor’ under the new rules and we have looked at the following areas to implement change:

  • Audit of data within the business.
  • Review of privacy notices which should be: concise, transparent, intelligible and easily accessible.
  • Review of contracts with clients and candidates.
  • Data processing agreement between Controller and Processor.
  • Production of Data Retention Policy.

Although this is a new regulation, as long as a company has been operating with the current Data Protection Act in mind, then GDPR should not mean a massive change in process and procedure. Please feel free to ask our opinion on how to work together with GDPR.

© 2018 Orbital Payroll Group Ltd. All Rights Reserved    |    Privacy Policy    |    Web by FCD

© 2018 Orbital Payroll Group Ltd. All Rights Reserved

Privacy Policy    |    Web by FCD