On 25 May 2018, the EU General Data Protection Regulation (GDPR) replaces the existing 1995 EU Data Protection Directive (European Directive 95/46/EC).
Clifton Ingram is committed to GDPR compliance across the firm and during our implementation period for the Regulation, we are evaluating the new requirements and restrictions imposed by the GDPR and reviewing where and how we collect, use, store and dispose of personal data and updating policies, standards and documentation as necessary.
To prepare for GDPR we are:
- Reviewing our existing data protection policies and codes of conduct to ensure they comply with the new principles.
- Conducting an audit of any data currently held by the firm to check the purposes of processing, retention periods and individual rights.
- Reviewing and updating internal breach procedures and ensuring that the relevant people know how to detect, report and investigate a personal data breach.
- In light of the new direct obligations, using all reasonable endeavours to ensure that our third party and suppliers are compliant under the GDPR regime.
- Putting in place Data Protection Impact Assessments where a new technology is being deployed.
- When processing data, we aim to ensure the following:
- The processing is lawful, fair and transparent
- The data is collected for a specific purpose and is necessary for the purpose
- The data must be accurate and kept up to date
- Data is not kept for longer than necessary
- The data is kept safe and secure
We have an internal cross-functional team who will continue to inform and monitor our strategy for GDPR on the run up to 25 May 2018 and after its enforcement.
You have a right to ask us to provide you with the information we may hold about you and to update any data we hold. If you would like to do so, or if you have any other queries about our data protection policy, please write to the Managing Partner, Clifton Ingram LLP, 22-24 Broad Street, Wokingham, RG40 1BA or email firstname.lastname@example.org.