General Data Protection Regulations (GDPR) Statement
The European Union General Data Protection Regulations (“GDPR”) was approved on the 14th April 2016 and is due to become enforceable law on the 25th May 2018. This new set of regulations are designed to update the Data Protection Act 1998, and offer data subjects a wider range of rights and control over their personal data.
Transvalair UK Ltd (“Transvalair”) is committed to high standards of information security privacy and transparency. The Company will comply with applicable GDPR when they take effect, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services.
Transvalair will ensure our compliance with GDPR by focusing on key areas throughout the company, overseen by an internal cross-functional team:
- Building on existing security and business practices to ensure our own compliance,
- Introduce new procedures where appropriate to address the areas of GDPR that are new requirements (e.g. the right to erasure, the right to be informed etc),
- Provide training and awareness across the organisation to highlight the requirements and limitations introduced in GDPR.
It is important to recognise that compliance is a shared responsibility and all organisations will need to adapt business processes and data management practices.
Transvalair already has a robust data management system in place and in order to ensure compliance will implement additional or augmented company-wide controls to meet GDPR within that management system. Updated information security policies and procedures will build on the existing management system, combined with the appointment of a company Data Protection Officer, will bridge the gap between our current business practices and bring us into complete compliance with the GDPR.
Some of the specific initiatives that we are currently progressing include;
- Data review: An extensive review of all personal data we hold, as we prepare a detailed data roadmap which outlines where this data is held, why we hold it and for how long.
- Contractual update: A full-scale analysis of third parties who process data on our behalf, and updates to contractual positions to ensure that we (and our customers) are protected as best as is possible.
- Process updates: Updates to our existing procedures to ensure we have the tools to maintain compliance with GDPR. This includes the appointment of a new Data Protection Officer, and a review of our existing policies such as our data security and incident response plans.
- Improved subject access: Updates to our existing subject access request processes to ensure that it is easier and quicker for data subjects to exercise their rights.
- Review of consents: Review of our existing marketing practices, and associated consents, to ensure that these are transparent, fair and GDPR ready.
All Transvalair employees will be provided with training appropriate to their interaction with Company data. In addition to these training requirements, Transvalair conducts ongoing Company awareness programmes on a variety of topics, including data protection, security and privacy.