The General Data Protection Regulation (GDPR) is being implemented by the EU and comes into force on 25th May 2018. The new regulation is designed to ensure that the ever-increasing volume of data held by all businesses is collected, held and secured lawfully, in line with some quite simple principles.
Any organically developed process (i.e. data management) requires checks and balances from time to time, and we are all aware of the big news articles where large corporations have been exposed trading private data – which has in some instances resulted in loss of security or unwanted intrusion.
Derker Consult Ltd only ever collects, stores and uses client (or business to business) data with the data owner’s full knowledge and consent. We never pass private data to any third party unless it is for legitimate and expressly or contractually agreed purposes. This has always been our policy and, despite the slightly more complex requirements of GDPR, will remain the core of how we operate for you.
In simple terms, we have developed our operating systems and procedures to ensure your data is kept in a secure and consistent location, within cloud storage. Both of these technologies have multi-layer security with unique passwords to control who can access it and at what level.
In developing the client relationship management (CRM) module of our database we have removed the need for satellite lists, copies or versions of client data (e.g. spreadsheets), so unintentional duplication or publication of your data is reduced to a reasonable minimum. We can provide you with access to your data – please contact our data protection officer at email@example.com for further details.
We will shortly be asking you to confirm you are happy for us to hold your data for the express purposes of doing business with you. GDPR regulations require us to establish ‘positive opt-in’ with you, although we appreciate that, like us, you have been bombarded with a shower of emails asking you to do so. We are taking a more proportionate approach, wherein we will contact current/live clients first, then those for whom we hold data but with whom we are not currently working. Our standard operating terms and conditions, service level agreements or professional services agreements with you will be amended accordingly. To make sure we correctly give you genuine choice and control we will track your preferred options, and in any case where we have not established a clear preference we will ask you formally to confirm your ‘opt-in’ choice when we next do business or meet with you.
Third parties will rely on your consent to hold/share data. These include suppliers of goods or services we arrange for you, Local Authorities or other public bodies involved in projects etc. When we ask for your consent to share your details we act ONLY in a processing capacity. We will never make decisions about how we control your data (e.g. for our marketing purposes) without securing your written and express consent to do so. We do not engage in any sort of blanket marketing activities, unless we are marketing to you. We do not sell or offer your data to any third party, and we never will.
As with all businesses, our professionalism and effectiveness rely on our staff being aware, trained and competent to manage the day-to-day application of data management and security. To this end, our staff are receiving in-house training in the appropriate management of client data, and we have reinforced this in our employment contracts and staff handbooks.
Derker Consult Ltd may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.