About Bisio Investigative Training
Bisio Training Ltd - Data Protection Policy
Company Registration Number Z3013960 – Information Commissioner's Office (ICO)
Introduction –
The General Data Protection Regulation (GDPR) creates a new legal framework that applies across the EU, including the UK, from 25 May 2018. It replaces the Data Protection Act 1998.
New requirements include:
- Reporting data breaches
- Cross border considerations
- New rights for contacts – the need to inform contacts how we are using personal data and their rights under GDPR to request that personal data is deleted
- The need to demonstrate that we are mitigating the risks of misuse of clients’ personal data
Policy –
Bisio Training will analyse the ten key areas of compliance with the GDPR viz:
- Governance – the leadership team and functional managers will be made aware that the law is changing to the GDPR and they will appreciate the impact this is likely to have.
- Risk Management – we will consider and manage any risk to the organisation, as well as risk to data subjects resulting from a data breach.
- GDPR Project – we have a project team comprising two of the company directors addressing the specific requirements of GDPR to become compliant.
- Data Protection Officer (DPO) – a DPO will be appointed from the leadership team.
- Roles and Responsibilities – we will identify the roles that are likely to have responsibility under the GDPR and establish appropriate skills, knowledge and training.
- Scope of compliance – we will identify how much of the organisation is in the scope of the privacy compliance framework.
- Process analysis – we will identify all the controller-processor relationships that involve data processing. This area could form part of a data flow audit in a later stage of our GDPR compliance project.
- Personal information management system (PIMS) – we will manage our documentation to enable us to demonstrate GDPR compliance in respect of managing personal data.
- Information security management system (ISMS), Principle 6 and Article 32 – we will adhere to the responsibilities of information security and protecting the security of data subjects.
- Rights of data subjects – we recognise data subjects’ rights and will have procedures and technologies in place to help them exercise those rights.