shaw gibbs - accountants and business advisers

Shaw Gibbs GDPR readiness - FAQs

Reviewed 5 April 2018

With implementation of the General Data Protection Regulation (GDPR) imminent, we understand that, as a client of Shaw Gibbs, you are likely to have some questions about what we have been doing, and are doing, to prepare for GDPR. We have produced a series of frequently asked questions which should cover some, if not all, of those questions.

Shaw Gibbs’s approach to GDPR readiness

Has Shaw Gibbs commenced a GDPR readiness programme and, if so, what is its current status?

Data protection compliance is fundamental to our business and, as a result, Shaw Gibbs has taken a keen interest in GDPR since the draft text was first released many years ago as part of the EU’s legislative process. Since then, we have been working diligently with our clients, contacts and our internal stakeholders to assess the potential impact of GDPR on our business and the industry more generally, and to identify any changes that will need to be implemented to comply with the enhanced requirements set out in GDPR. Our GDPR readiness programme has been under way for some time and is now in the implementation phase.

This means that we are working to a project plan that encompasses the major data assets across our business. It includes controls to review our processes and policies and our internal documentation for GDPR accountability standards.

Will you be issuing new standard terms and conditions?

To support our clients in managing their GDPR compliance, and in continued delivery of our services to our clients, we will be issuing GDPR standard contract terms that meet Article 28 processor requirements.

Is Shaw Gibbs’s GDPR readiness programme supported by the Board?

Yes. As a data business, compliance with data protection legislation is crucial, and our Board members are fully supportive of and engaged with our GDPR readiness programme, which is being led by Shaw Gibbs’s director Steve Neal.

Has Shaw Gibbs appointed a Data Protection Controller?

We have appointed Steve Neal, Head of Audit, as our Data Protection Controller; his contact details are shown at the end of this document.

When does Shaw Gibbs expect to be compliant with GDPR requirements?

Shaw Gibbs’s GDPR readiness programme is well underway. We have, for some time now, been working with all business areas and stakeholders with a view to moving our business towards compliance with all GDPR requirements ahead of the 25 May 2018 deadline.

How will Shaw Gibbs ensure that it maintains compliance with the requirements of GDPR, on an ongoing basis, post GDPR?

We see our GDPR programme as the first phase of a long-term plan. As is the case for all organisations processing personal data, the important factor is not just to be compliant on 25 May 2018, but to maintain compliance on an ongoing basis.

We already have robust processes and procedures in place to manage compliance with existing data protection legislation and, as part of our GDPR readiness plan, we have reviewed those processes and procedures to ensure that they are fit for purpose under the new regime.

Will Shaw Gibbs be able to continue to provide the same services as it does today post GDPR? What products and services from Shaw Gibbs will be impacted by GDPR and how?

As mentioned above, as part of our GDPR readiness programme, we are working through all products, services and data processing activities undertaken by Shaw Gibbs in order to identify what, if any, changes will need to be implemented prior to 25 May 2018. This project is ongoing; however, as mentioned above, GDPR does not contain anything which, at a fundamental level, would prevent Shaw Gibbs from continuing to promote our current services.

Supplier engagement

Has Shaw Gibbs engaged with its material suppliers and service providers to gauge their state of preparedness for GDPR implementation?

Engaging with material suppliers is an important aspect of our GDPR readiness programme. We have, for many months, been engaging with suppliers and will continue to do so during the run-up to 25 May 2018.

Enhanced requirements, data subjects’ rights and consent

Has Shaw Gibbs implemented processes and procedures to be able to comply with the data subjects’ rights provided for in GDPR?

Part of our GDPR readiness programme has involved assessing the processes and systems we already have in place to comply with rights currently available to data subjects under the Data Protection Act 1998. As part of this assessment we have also identified what, if any, changes will need to be implemented to ensure that we can, from 25 May 2018, comply with the enhanced rights set out in GDPR.

As part of the transparency requirements, we will be working to ensure that individuals are aware of, and understand, when these rights apply.

What is Shaw Gibbs doing to ensure that it complies with the enhanced information requirements set out in GDPR?

Shaw Gibbs fully supports the drive towards greater transparency. Our corporate strategy seeks to put our customers at the heart of everything we do, and being open and transparent is a crucial element of achieving this.

We are working with all stakeholders within our business, industry bodies, suppliers and clients with a view to ensuring that all privacy notices and data collection notices that feed into our business will be compliant with these requirements in advance of the 25 May 2018 deadline. We have also been engaging with the Information Commissioner’s Office (ICO) to ensure that the approach being taken is in line with the ICO’s expectations, particularly in the critical area of credit information transparency.

Does Shaw Gibbs have processes in place to ensure that it can detect, investigate and report data breaches in accordance with GDPR requirements?

Yes, the security of all data (including personal data) that we hold is highly important to us. Not only do we implement data security measures to protect it, but we also have processes and procedures in place to ensure that, in the event of a breach, it will be detected, investigated and managed efficiently.

Does Shaw Gibbs conduct Privacy Impact Assessments (PIAs)?

The core principles of PIAs can be applied to any project which involves the use of personal data, or to any other activity which could have an impact on the privacy of individuals. To date, Shaw Gibbs has not taken part in projects which use data in this way. Should this change in the future, we will follow the ICO code of practice to ascertain whether a PIA is required.

Steve Neal
Head of Audit
+44(0)1865 292200

© 2018 Shaw Gibbs Ltd
