ASPB GDPR Statement

ASPB is committed to safeguarding personal and sensitive data in line with all applicable laws concerning the protection of personal information, including GDPR (General Data Protection Regulation (2016/679 EU)). See our Privacy Statement

With guidance from our data audit, our commitment to data security has always been a priority, and with the introduction of GDPR, our procedures and policies with regard to personal data are undergoing a total review.

Our data governance audit has enabled us to clearly identify the following areas of importance:

  • Accountability
  • Data Security
  • Data Impact Assessments
  • Data Subjects Rights
  • Consent

Transferring data from the EU

Our processes and policies are fully auditable. We review them regularly and make improvements as necessary. We have a detailed and structured plan to follow in compliance with GDPR.

ASPB is committed to addressing the EU data protection requirements, and our action plan includes (but is not limited to):

  • Legal support from local EU Counsel to help guide us.
  • Understanding the provisions of the new regulations, paying attention to how they may differ from the current obligations and detailing considerations of our clients, members and internal staff.
  • Auditing our data capture points both internally and externally (with our 3rd party suppliers).
  • Updating the inventory of personal information that we control, and reviewing the current controls and processes to ensure that they are adequate. This includes a risk assessment which, should it result in identifying any at-risk areas, involves building a plan to address that risk.
  • Ensuring that we are informed regularly of updated regulatory guidance as it becomes available and consulting a legal expert to obtain applicable guidance.
  • Maintaining our understanding of GDPR developments and ensuring all ASPB staff are aware.
  • Using our monthly internal audit process to stress test GDPR regulations as part of our ISO 27001 commitments.
  • Managing the process of implementation via a working group of senior management that meets regularly. This group includes: Crispin Taylor, CEO; Mark James, Senior Manager of Information Technology; Clara Woodall, Director of Finance and Administration; Shoshana Kronfeld, Senior Membership Manager. This cross-functional team continues to monitor GDPR developments, which informs our GDPR strategy.
  • Assessing the need for an independent DPO.