The EU General Data Protection Regulation (EU GDPR), coming
into force on the 25th May 2018, is a huge change in the law protecting the
privacy of EU citizens. Even with Brexit looming, the UK has adopted this law
as its own, and following Brexit this legislation will become the Data
Protection Bill.
GDPR is designed to make our Data Protection Laws fit for
the Digital Age, in which more and more data is processed and held
electronically, and hands greater opportunity to the public to take back
control of their personal data.
Howard Warwick Associates (HWA) has a strong belief that privacy and security of personal data is a very important right for citizens and we can assure all of our clients that we are qualified and compliant in all areas of our business. Within this statement we wanted to highlight to our clients the measures we have put in place to ensure compliance with the GDPR where we hold or process personal data on your behalf.
Personal Data is defined as any piece of identifiable data held relating to a Natural Person (Living Human Being). This relates to any data which can be related or linked back to a single person, such as a Postcode, an IP address or a National Insurance Number.
Processing is defined as any operation which is performed on personal data whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction. This definition applies to all data formats, both physical and electronic.
Within GDPR law, there is a firm requirement that a contract MUST exist between a Data Controller (Our Client) and the Data Processor (Howard Warwick Associates). This binding written agreement must include explicit documented instructions detailing the reasons for Processing the Data, the way in which the Data is Processed and handled, and clear breach reporting processes in the event of any issues. Howard Warwick Associates (HWA) will be reviewing all of our customer agreements to ensure compliance.
We maintain appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access, and to comply with the 6 rights of Data Subjects: Lawful, Legitimate, Minimal, Accurate, Removal and Security.
In order to comply we are certified in the following standards:
ISO 9001:2015 Quality Management Systems
ISO 27001:2013 Information Security Management System
Howard Warwick Associates (HWA) will notify any data breaches to the Controller without undue delay. We have a strict and rigid notification process and procedure in place for identifying, reviewing and promptly reporting data breaches to the relevant controller.
Any breach report would include: (1) a description of the nature of the breach, (2) the likely consequences of the breach, and (3) the proposed and imposed measures that were taken to limit harmful effects.
Howard Warwick Associates (HWA) do not expect any breaches; however, it is essential that these processes are in place for peace of mind and to avoid any action by the ICO.
Data Subject Rights Under the GDPR
Howard Warwick Associates (HWA) are happy to work with our clients to determine how best to facilitate DSARs (Data Subject Access Requests), the application of and adherence to Retention Periods, and the processes of Secure Erasure and Destruction of personal data.