We have made changes to ensure that we are compliant with new data protection regime when the General Data Protection Regulation (“GDPR”) which came into force on 25 May 2018.

What are we doing?

We have appointed a Compliance Manager and we are providing all the necessary in-house training to employees.

We have mapped our data processes and are making changes to ensure we are GDPR compliant, including:

  • We are ensuring we have the correct lawful basis for the collection of personal data
  • We are reviewing all our retention policies and amending where required to ensure they are appropriate
  • We are enhancing our record-keeping practices to ensure we can demonstrate accountability for compliance
  • We are making sure that any third parties that are storing or otherwise handling personal data on our behalf or to whom we transfer personal data have appropriate safeguards to ensure GDPR compliance. We are achieving this through (where appropriate) questionnaires, audits and enhanced contractual provisions or agreements
  • We are making further improvements to our security policy to ensure all the data we store is as secure as possible

We have updated our current policies/documentation and processes and introducing new policies/documentation and processes, including:

  • Website & Customer Privacy Notice, Privacy Notice for Suppliers & Privacy Notice for Consultants
  • Terms & Conditions
  • Data Protection Policy
  • Data Map
  • Third Party Data Processor Due Diligence Questionnaires
  • Third Party Data Processing Agreements
  • Retention Policy
  • Individual Rights Policy & Data Subject Access Requests Procedures
  • Privacy Impact Assessments
  • Personal Data Breach Notification Policy
  • Security Policy

The above information is provided for guidance only and does not constitute legal advice or otherwise create any legal liabilities or obligation on Avanta Care Ltd.