GENERAL DATA PROTECTION (GDPR) 2018

Gray Dawes continues work in accordance with current data protection legislation and will ensure that we are fully compliant to the new regulations by early 2018, well ahead of the 25th May 2018 enforcement date.

We have a working group which is assessing the impact of the new legislation across all areas of the business including operations, account management, marketing, finance, technology and supplier relations.

This working group, consisting of senior members of the Gray Dawes management team is delivering a plan that will highlight action points and process changes to be implemented along with a new training schedule for all our 150+ employees.

We are updating our privacy policies to ensure we are providing a straightforward description of what we do with personal data and why we require it.

We are reviewing the data we hold, removing non-essential information and implementing a regular purge of unused information.

We are reviewing our systems to ensure compliance with the right to be forgotten, data portability and subject access requests.

Data protection by design principles are being implemented and adopted across our business
Certain activities, such as the processing of sensitive data, require a data subject’s consent. We will ensure that required consents for any of our products and services that involve the processing of sensitive data are correctly obtained.

We are updating our incident response procedures to account for managing personal data breaches.