General Data Protection Regulation compliance statement
On May 25th 2018, the General Data Protection Regulation (GDPR), came into effect. The GDPR imposes new rules on companies, government agencies, non-profits, and other organisations that offer goods and services to people in the European Union (EU), or that collect and analyse data tied to EU residents. The GDPR applies no matter where you are located.
Helen Arkell Dyslexia Charity is committed to the preservation of its reputation and integrity through compliance with applicable laws, regulations and ethical standards wherever it operates. All employees are expected to adhere to these laws, regulations and ethical standards, and management is responsible for ensuring such compliance.
Helen Arkell Dyslexia Charity is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have a data protection programme in place which complies with existing law and abides by the data protection principles.
Helen Arkell Dyslexia Charity is dedicated to safeguarding personal data as both a Data Controller and Data Processor. Our preparation and objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
What is the Helen Arkell Dyslexia Charity doing?
Helen Arkell Dyslexia Charity as a charity has undergone an extensive project to address the GDPR principles and how it impacts our Employees, Customers and Suppliers.
Helen Arkell Dyslexia Charity has taken the following steps to further the data privacy controls already in place:
Helen Arkell Dyslexia Charity conduct audits to identify and assess what information we process, how and where it is processed, and who has access.
Helen Arkell Dyslexia Charity has carried out assessments to understand, classify and validate what personal data we process, and regularly update our Data Asset Register.
Helen Arkell Dyslexia Charity has a Data Retention policy and reviewed procedures to ensure the ‘data minimisation’ principle is applied and personal data is kept for no longer than is necessary for the purposes for which it is being processed.
Policies and procedures
Helen Arkell Dyslexia Charity has reviewed all applicable policies and procedures to ensure they are aligned to GDPR. Policies and procedures are reviewed on a periodic basis.
Helen Arkell Dyslexia Charity staff have been given access to data protection awareness training and material prior to May 25th 2018. This will ensure that all Helen Arkell Dyslexia Charity employees are aware and understand how vital it is to comply with the GDPR regulations.
Subscription to e-newsletters
Helen Arkell Dyslexia Charity’s primary public communication channel is via e-newsletters. We enable subscription to that service via our website. The subscription process allows subscribers the ability to update their options to choose to receive the e-newsletter or not. Each e-newsletter has a clear opt-in process allowing us to obtain proof of the time and date. It also allows customers and suppliers the ability to withdraw consent at any time.
Cyber security is a growing concern for many organisations, and one we take very seriously at Helen Arkell Dyslexia Charity. We have strong cyber security measures in place which means that we are not only protecting ourselves but our suppliers and customers as well. We have dedicated IT Security professionals and use a managed service for our data.
GDPR Roles and responsibilities
Helen Arkell Dyslexia Charity has appointed a Data Protection Officer – The Chief Executive.
For any additional queries about how Helen Arkell Dyslexia Charity is preparing for GDPR, please contact:
Data Protection Officer
Helen Arkell Dyslexia Charity
24 West Street
Surrey, GU9 7DR