Our commitment to GDPR
The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR), which will be effective from May 25, 2018. Simply put, EU residents will now have a greater say over what, how, why, where, and when their personal data is used, processed, or disposed of. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organisation that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data. Designated Group, including Designated Medical, is well aware of its role in providing the right tools and processes to help its users and customers meet their GDPR mandates.
Designated Medical’s Commitment
At Designated Medical, we have always given our clients and contacts the right to data privacy and protection. We have never relied on advertising as a means to generate business and we have never sent direct advertising to our contact database, and never will. This means that we have no necessity to collect and process our contact database’s personal information beyond what is required for the delivery of our services and to ensure we optimise how we can help and support them.
Over the years, we have demonstrated our commitment to data privacy and protection by meeting the industry standards for data protection. All client sensitive data is saved in an encrypted storage facility which is tightly regulated. We have also made significant investment into our IT infrastructure and we recognise that the GDPR will help us move towards the highest standards of operations in protecting customer data.
How is Designated Medical preparing for GDPR?
We have reviewed all our data and the touch points where we collect data and have ensured that we will be fully compliant by the time the regulation comes into effect. Designated Medical also understands its obligation to help clients and contacts get ready for the big day and has published useful information to assist them in the process.
We have thoroughly reviewed GDPR requirements and have put in place a dedicated internal team to drive our company to meet them. Some of our ongoing initiatives are:
- Identifying personal data – All our data is categorised and integrated with our marketing systems to ensure consent and accessibility. We have invested in systems to ensure accuracy and control of data across all systems.
- Providing visibility and transparency – The most important aspect of GDPR is how the collected data is used. Designated Medical’s key role is to provide our clients and contacts (the data subjects) with the access to effectively manage and protect their user data. Designated PA has contacted each and every contact allowing them access to opt in and out and update their personal information.
- Enhancing data integrity and security – Data privacy and data security are two sides of the same coin. As our clients tighten their data security measures, Designated Medical would like to extend a helping hand and has a team of marketing experts who can assist with GDPR compliance. We have invested heavily in our IT infrastructure to ensure we maintain a high level of security and integrity.
- Portability and transferability of data – GDPR gives data subjects the right to either receive all the data provided and processed by the data controller or transfer it to another controller depending on technical feasibility. With this new right in mind, Designated PA is able to export data at an individual level as required.
What does this mean for our clients?
We understand that meeting the GDPR requirements will take a lot of time and effort. As your partner, we want to help you make your process as seamless as possible, so that you don’t have to worry about compliance and can focus more on running your business. If you need assistance with implementing processes that are GDPR compliant, get in touch and our team of marketing experts can assist. The Information Commissioner’s Office (ICO) have a self-assessment tool for businesses which is definitely worth a read.
What should you do to be GDPR-ready?
- Create a data privacy team to oversee GDPR activities and raise awareness
- Review current security and privacy processes in place & where applicable, revise your contracts with third parties & customers to meet the requirements of the GDPR
- Identify the Personally Identifiable Information (PII)/Personal data that is being collected
- Analyse how this information is being processed, stored, retained and deleted
- Assess the third parties with whom you disclose data if
- Establish procedures to respond to data subjects when they exercise their rights
- Establish & conduct Privacy Impact Assessment (PIA)
- Create processes for data breach notification activities
- Continuous employee awareness is vital to ensure continual compliance with the GDPR
Are you GDPR ready?