CCM has created this policy to ensure its staff and partners are compliant with GDPR.
GDPR overrides the UK DPA 1998 Act and brings consistency. It came into force on May 25th, 2018. It covers all of Europe and is not affected by Brexit.
This policy outlines what CCM will monitor, action and review annually.
- Know Our Data. We will take care to understand the types of personal data (for example name, address, email, bank details, photos, IP addresses) and sensitive (or special category) data (for example health details or religious views) we hold, where it’s coming from, where it’s going and how we will use that data.
- We will look hard at our security measures and policies and implement any changes required.
- Train our employees. We will train our employees and report a serious breach within 72 hours. We will ensure our employees understand what constitutes a personal data breach. We will also ensure everybody involved in our business is aware of the need to report any mistakes to the ICO.
- Due diligence will be carried out on our supply chain and we will request their GDPR policies.
- Clients’ Data. We do not and will not share clients’ data with any third-party companies. We will only collect or process data where we believe there is a legitimate interest.
- Ongoing Monitoring. We take GDPR seriously and respect the data we hold on our employees, clients, partners and suppliers. We will review and update our policy map and GDPR actions annually. If new information or advice is issued by the ICO, we will do our best to administer it in a timely and accurate manner. Where we are not clear about our actions and obligations, we will seek advice from the ICO.