GDPR AND DATA PROTECTION OVERVIEW

Data Protection 

  • Any personal data entered online is held securely on our database for the sole purpose of printing the products the client has purchased.

  • We do not pass personal details on to any third parties.

  • It is the responsibility of the client (editors) - not Cauliflower Group Ltd - to obtain suitable consent for publishing of personal details.

 

GDPR

European data protection was significantly revised with the adoption of the General Data Protection Regulation (GDPR) in May 2018. Cauliflower Group Ltd is committed to meeting its obligations and conducts regular GDPR reviews to ensure compliance with these additional rules. This has been integrated with our current Data Protection Procedures and we will continue to review and update our procedures with any Company changes and developments. We are registered with the ICO and have declared the information we hold.

The key GDPR areas that we review annually are as follows:

Audit: 

We audit the data we have and its storage, access and security.

Privacy by design:

Under ICO guidance we currently only collect information from customers that is succinct and relevant for processing jobs. Under GDPR we review the security of this information both through internal security and web hosting services.

Governance and Accountability:

At management level we review and update policies & procedures to safeguard data and demonstrate compliance. This includes data mapping and privacy impact assessments where relevant.

Raising awareness:

Induction and further training opportunities for our staff ensure that we raise their awareness of data protection and company policy.

Consents, notices and contracts:

We review these to ensure they are updated to reflect legal requirements.

Transfers:

We no longer transfer data to data entry companies; all data is kept in-house.

Incident response:

We regularly review our policy and processes to ensure we are ready to meet the requirements to notify authorities and users of data breaches in certain circumstances, as specified by law.

Lawful Basis for Processing Data in our Marketing:

We are continuing to ensure that we market to individuals who have a 'legitimate interest' (as previous customers) in the products we offer and that they are offered an opt-out from further contact via legacy communications and opt-ins for ongoing new communications.

Our data protection policy contains a full AUDIT of the data we collect and how it is handled.

 

GDPR and Data Protection Statement (pdf)