General Data Protection Regulation

The new General Data Protection Regulation (GDPR) comes into force from the 25 May 2018, and replaces the old Data Protection Act 2018. The new legislation broadens the requirements of the Data Protection Act, by giving individuals more rights over how personal data is collected, processed, stored, and ultimately disposed of.

Barrett Corp & Harrington take General Data Protection Regulation very seriously, and as a result have undertaken a thorough review of all Company policies and procedures, to bring them in line with the new legislation.

Our journey involved:

• Attending GDPR seminars and training courses, appointing a legal counsel specialising in GDPR, and appointing an internal General Compliance Manager.

• Embarking and continuing on a comprehensive training programme to ensure that all staff at every level are aware of the importance of GDPR, and the impact it will have on our systems and processes. This includes Human Resource, Finance, IT, and Operations.

• We identified where all of our personal and sensitive data is stored and enhanced both our controls and processes and our policies and procedures to ensure the new legislative criteria was met.

• We have updated our subject access request policy and procedure to ensure that any request from a client in relation to their personal data is met in a timely manner.

• We have strengthened our website by reviewing and updating our privacy policy, as well as overhauling our marketing strategy to ensure that all of our customers have the right to subscribe and unsubscribe to any marketing campaigns. Processes have also been instigated that allow us to remove any contact information we may have captured once a customer unsubscribes. We also ensure that no information is passed to a third party.

• Storage and backup procedures have been thoroughly reviewed to ensure compliance with the new legislation, and data encryption is encouraged where possible. No information pertaining to the payment of services through either a debit or credit card is stored by Barrett Corp & Harrington, we ensure that this information is only captured by our banking provider.

• Our data retention policy has been enriched to make sure that we only keep data for as long as we need it, once data has reached it’s useful life, it is safely disposed of.

• We have also enhanced our breach management policy, to enable us to respond to any unlikely breach, in line with GDPR requirements.

Barrett Corp & Harrington recognise the importance of the new GDPR legislation and are committed to filtering this legislation into all related policies and procedures. We also recognise that a big part of compliance centres on training our staff. We ensure our staff fully understand and adhere to the new legislation and that ethos is instilled.

If you require more information on our GDPR procedures, please contact our Data Compliance Manager at jeremy@bch.co.uk