Protecting your data
There's a good chance that by now you've heard of the new EU General Data Protection Regulation (GDPR) that comes into force on 25 May 2018 and your own business plans for how you're going to comply are well underway.
If not, the Information Commissioner's Office has published a 'Guide to the GDPR' which you can access here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
What is the GDPR?
The Regulation has taken four years to develop, and is the most important change in data privacy legislation in 20 years.
It's EU-wide and replaces the current data protection laws in the UK. It's intended to provide greater protection for personal data in the developing technological world.
The onset of 'Brexit' will not affect the commencement of the GDPR; the UK Government has made it clear that the GDPR will become part of UK law on 25 May and has developed the Data Protection Bill to incorporate the obligations of the GDPR. This is because the GDPR also applies to organisations who interact with citizens of other EU countries.
What is water2business doing?
As a data controller, water2business will comply with its obligations under the GDPR when it takes effect; working to ensure privacy and responsible use of data for all our customers and stakeholders.
At water2business, we are committed to adhering to all the GDPR controls and we have clear policies and procedures in place to ensure our compliance. We will responsibly exercise our duties as a data controller.
We're updating our Privacy, Cookie and Data Retention Policies to fulfil the new obligations and these will be effective from 25 May. The water2business team have been and continue to be trained to follow good practice in:
- storing and gathering information - including only taking the details that are necessary to provide a service to you;
- protecting the information we are working on for our customers;
- complying with all reasonable requests from individuals to find out about the information we hold on them; and
- providing evidence for audits.
water2business is reviewing all data used across the organisation and amending these documents to show how and when consent should be obtained. This will ensure consent from individuals is affirmative, freely given, specific, informed and unambiguous.
The option to opt out of marketing communications will always be available and included in communications with an individual outside of water2business.
water2business believes that privacy is a very important right for citizens and wishes to assure all our customers and suppliers that we are working hard to ensure compliance across our business.
Further information
water2business's Compliance Manager is Kirstie King and she is overseeing the project for GDPR compliance. She is also the Data Protection Advocate for water2business.
If you have any questions, please email gdpr@water2business.co.uk