GDPR Statement – July 2018
Here at Accentua Language Company Ltd. (Accentua) we take the protection of all client, supplier and team member personal data very seriously.
Whilst we are classified as a small company by General Data Protection Regulation (GDPR) legislation requirements, we are acutely aware of our responsibilities due to the changes to the Data Protection legislation and the new General Data Protection Regulation (GDPR).
We are committed to achieving a compliance level befitting our organisation size and structure and adding to our existing best practice policies to uphold our requirements within the GDPR legislation.
For further information regarding the legislation please visit www.ico.org.uk
So far, under our GDPR programme we have:
- Undertaken a series of events and researched to understand GDPR and the implication for both our business and our clients
- Briefed the key stake holders and team at Accentua re the need for GDPR and their/our responsibilities within it
- Rolled out end user awareness training for all team members with follow on events for any team member who was unable to attend, supported with audit and compliancy tracking
- Completed a GDPR gap analysis project, resulting in a detailed report of any actions required
- Produced an initial GDPR action plan with quarterly updates, to address any areas of noncompliance and to provide ongoing risk reduction
- Completed a data mapping exercise, which is audited quarterly
- Communicated with our team members, vendors and clients re accessing data and removal of data
- Contacted our IT service providers and all software suppliers that are cloud based to ensure their compliancy
- Reviewed our IT and Cyber policies to ensure compliancy
- Are using SharePoint and Office 365 to ensure encrypted processing of all client data, files and provide audit logs for evidence of access
- Extended our GDPR training to all Associates/third party suppliers and request a statement of compliance for all/any third parties we engage, in support of our translation activities
- Updated privacy statements and preferences on our website, email communication and internal data records for both the UK and the Netherlands
- Updated legal contracts to reflect GDPR
Whist we feel made good progress; we will continue to audit and update our processes as required to ensure continued compliancy. We will:
- Continue to execute against our plan
- Undertake data protection impact assessments on all data flows via a regular audit plan
- Further modify internal processes and procedures in line with GDPR compliance as and when required