ASPB GDPR Preparation Statement May 2018

ASPB is committed to safeguarding personal and sensitive data in line with all applicable laws concerning the protection of personal information, including the Data Protection Act 1998. In addition, we are currently preparing for the implementation of the GDPR (General Data Protection Regulation, 2016/679 EU).

Guided by our data governance committee, we have always treated data security as a priority, and with the impending introduction of the GDPR, our procedures and policies regarding personal data are currently undergoing a total review.

Our Data Governance has enabled us to clearly identify the following areas of importance:

  • Accountability
  • Data Security
  • Data Impact Assessments
  • Data Subjects Rights
  • Consent
  • Transferring data from the EU

Our processes and policies are fully auditable. We review them regularly and make improvements as necessary. We have a detailed and structured plan to follow in preparation for GDPR.

ASPB is committed to addressing the EU data protection requirements and our action plan, in order to be prepared for June 29th 2018, includes (but is not limited to):

  • Legal support from local EU Counsel to help guide us
  • Understanding the provisions of the new regulations, paying attention to how they may differ from the current obligations and detailing considerations of our clients, members and internal staff
  • We are in the process of auditing our data capture points both internally and externally (with our 3rd party suppliers)
  • We are updating the inventory of personal information which we control, and reviewing the current controls and processes to ensure that they are adequate. This includes a risk assessment; should it identify that any area is at risk, we will build a plan to address that.
  • We ensure that we are informed regularly of updated regulatory guidance as it becomes available and will consult a legal expert to obtain applicable guidance.
  • We are conducting regular reviews of the website of the Information Commissioner, who is the UK representative within the EU working group Article 29, and attending talks and training courses.
  • As part of our ISO 27001 commitments, our monthly internal audit process is being designed to stress test GDPR regulations.
  • We have instructed a working group of Senior Management to meet bi-weekly, to manage the process of implementation. This group includes Susan Cato, Director of Member Services and Digital Strategy; Mark James, Web Systems Manager; Clara Woodall, Director of Finance and Administration; and Shoshana Kronfeld, Membership Manager.
  • We are currently assessing the need for an independent DPO, which we will aim to have in place Q4 2018

At ASPB, we strive to deliver an incredible customer experience. We will continue to make additional required operational changes resulting from the new legislation, and will keep our clients, partners and regulatory authorities informed throughout this process. Our internal cross-functional team will continue to monitor GDPR as it moves to become more clearly defined over the next few months, and will continue to inform our strategy for GDPR.