About Bisio Investigative Training

GDPR POLICY 2018

Who we are

Value Statement

Testimonials

Bisio Training Ltd - Data Protection Policy   Company Registration Number Z3013960 – Information Commissioners Office (ICO) Introduction – The General Data Protection Regulation (GDPR) creates a new legal framework to apply across the EU, including the UK from the 25 May 2018. This replaces the Data Protection Act 1998. New requirements include: - Reporting data breaches Cross border considerations New rights for contacts – the need to inform contacts how we are using personal data and their rights under GDPR to request that personal data is deleted The need to demonstrate that we are mitigating against risks of misuse of clients’ personal data Policy - Bisio Training will analyse the ten key areas of compliance with the GDPR viz: Governance – the leadership team and functional managers will be made aware that the law is changing to the GDPR and they will appreciate the impact this is likely to have. Risk Management – we will consider and manage any risk to the organisation, as well as risk to data subjects resulting from a data breach. GDPR Project – we have a project team comprising of two of the company directors addressing the specific requirements of GDPR to become compliant. Data Protection Officer (DPO) – a DPO will be appointed from the leadership team. Roles and Responsibilities – we will identify the roles that are likely to have responsibility under the GDPR and establish appropriate skills, knowledge and training. Scope of compliance – we will identify how much of the organisation is in the scope of the privacy compliance framework. Process analysis – we will identify all the controller-processor relationships that involve data processing. This area could form part of a data flow audit in a later stage of our GDPR compliance project. Personal information management system (PIMS) – we will manage our documentation to enable us to demonstrate GDPR compliance in respect of managing personal data. Information security management system (ISMS), Principle 6 and Article 32 – we will adhere to the responsibilities of information security and protecting the security of data subjects. Rights of data subjects – we recognise data subjects’ rights and will have procedures and technologies in place to help them exercise those rights.