On the 25 May 2018 the European Union’s General Data Protection Regulation (GDPR) will become effective.

Here at Ellis Whittam we have, for the past 12 months, been busy preparing for the new regulation:

Data and Process Audits:

We have carried out comprehensive internal due diligence to ensure our compliance with the new regulation. We have, simultaneously, been working on a complete digital transformation programme: we have used both GDPR and our digital transformation as an opportunity to get under the skin of our data-related processes, our information security management systems, our governance and risk management strategies.
Activities included:

• Appropriate education of all Ellis Whittam’ colleague’s data security knowledge
• Assessment and appropriate education of all Ellis Whittam’ colleague’s GDPR knowledge
• Audits and appropriate due diligence upon our Suppliers
• Thorough audits of data and related processes for data where we are the Data Controller.
• Thorough audits of our processing activities for data where we are the Data Processor.
• A review and refresh of all our data security related polices.
• Realignment of our ISMS practices within the ISO27001:2013 framework.
• Appointment of a Data Protection Officer (who also sits on our Operational Board)

Update to our published policies and privacy notices:

We take data security very seriously and are committed to the Confidentiality, Integrity and Accessibility of the data that we control and process, and we want to be clear about the data we collect and process, both internally and when delivering services to our clients:
Internally, we have revised our own internal privacy policies and circulated these to all colleagues.

We have updated our privacy notice to be transparent about the data we process;We have updated our privacy notice relating to job application;
We have published our processing policy.

These updated policies are available on our website and provide contact details for our Data Protection Officer.

GDPR Compliance Statement:
We have also published a GDPR compliance statement which provides information regarding our organisational and technical controls.
Our GDPR compliance statement is published on our website.