Our GDPR Statement
The EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 and will supersede the current Data Protection Act 1998. GDPR will apply despite Brexit and will impact all organisations that control or process personal data. It will grant data subjects a range of new rights, giving them more control over how their data is used. Organisations will be subject to new responsibilities and obligations, including the need to demonstrate compliance.
What are we doing to ensure compliance?
At MISL Ltd, we are committed to protecting and respecting the privacy of individuals and take our obligations under data protection legislation seriously. We already manage personal data in accordance with the industry standards for ISO 27001 and with the Cyber Essentials Plus Certification. We understand and welcome the high standards that GDPR will promote and encourage across all organisations that process personal data on behalf of third parties. By digitising your records and implementing a document management system we can help you access, delete and secure the information you hold.
In order to ensure our readiness for GDPR, we have in place a multidisciplinary team which, informed by an external GDPR specialist advisor, has the following key priorities:
- To maintain our existing management systems, processes and policies (including ISO 9001, BS10008 and ISO27001) to ensure that we are GDPR-compliant.
- Ensure that our employees and consultants are all DBS checked and are fully aware of the new obligations that GDPR will introduce and ensure that there is accountability and shared responsibility for ensuring compliance.
- Provide a range of products and services to our customers to assist them with GDPR, including our new cloud-based filing and retrieval platform built with GDRP in mind. We understand the importance of good data practices to our customers and are on hand to support our customers through their GDPR-readiness journeys. Some of the specific initiatives that we are currently progressing:
Data Review – An extensive review of all personal data we hold. We will only retain your data for as long as is reasonably necessary and use it only for the purpose it was collected for.
Process Updates – Updates to our existing procedures to ensure we have the tools to maintain compliance with GDPR. This includes the appointment of a new Data Protection Officer, and a review of our existing policies such as our data security and incident response plans.
Improved Subject Access – Updates to our existing subject access request processes to ensure that it is easier and quicker for data subjects to exercise their rights.
Review of consents – Review of our existing marketing practices, and associated consents, to ensure that these are transparent, fair and GDPR-ready.