General Data Protection Regulation (GDPR) Micheldever Group Limited Statement

Introduction

The EU General Data Protection Regulation (GDPR) comes into effect on 25th May 2018 and replaces the current EU and UK Data Protection laws. GDPR introduces increased data protection rights for individuals and gives them a greater say in how, where, when and why their personal data is processed, collected and stored.

GDPR impacts the way organisations process personal data and requires organisations to demonstrate compliance with the Regulation and to design processes and systems that protect individual’s data privacy.

Micheldever’s commitment

At Micheldever, we have always honoured our customers’, suppliers’ and employees’ right to data protection and privacy. We are committed to complying with the current UK Data Protection Act and we are working hard to be compliant with GDPR before the 25th May implementation date.

How is Micheldever preparing for GDPR?

We started preparing for GDPR in early 2016, soon after the announcement of the implementation date. As both a Data Controller and Data Processor we understand our requirements and obligations under GDPR and we have put in place a dedicated internal team to drive our organisation to meet them.

All group companies and operating divisions are busy undertaking structured programmes of activity to ensure compliance with GDPR before the implementation date.

Some of the ongoing activities are:

Identifying personal data –undertaking data inventories and processing audits to determine the exact nature of how personal data is processed, collected and stored. We are detailing how personal data enters, flows through, and where applicable leaves the organisation.

Enhancing existing technical and organisational security measures - our IT and compliance teams are reviewing and building on the existing security controls to ensure data protection by design and by default are at the heart of our systems and processes. This includes updating ITGC, J-SOX and PCI DSS compliance programmes as well as introducing new software.

Updating training and awareness for all employees – a comprehensive programme of training and awareness of the principles and requirements of GDPR is underway.

Visibility and transparency - our privacy policies and documentation are being reviewed and updated to be compliant with GDPR. Where appropriate we will publish Data Protection Impact Assessments (DPIA) to demonstrate our commitment to protecting the data privacy rights of our customers, employees and suppliers.

Supplier assessments – any supplier processing personal data on behalf of Micheldever will be assessed to ensure compliance with GDPR. Where appropriate suppliers will be assisted to become compliant with GDPR.

Dedicated internal team – a dedicated team, reporting to the Board, is in place to drive these activities forward.

Who to contact

If you have a query or concern about data protection or how we currently process your personal data please contact a member of the Data Protection team via:

Email DPO@micheldever.co.uk

Telephone 01926 816 799

Post: Data Protection Officer
Micheldever Group Limited
Mill Place
Micheldever Station
Winchester
Hampshire