IRIS Connect are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles.
However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR and the UK’s Data Protection Bill.
IRIS Connect are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. Our compliance with GDPR have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
1. Our GDPR Principles
- We will process all personal data fairly and lawfully
- We will only process personal data for specified and lawful purposes
- We will endeavor to hold relevant and accurate personal data, and where practical, we will keep it up to date
- We will not keep personal data for longer than is necessary
- We will keep all personal data secure
- We will endeavor to ensure that personal data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection
2. GDPR Compliance
As part of our GDPR preparation process, we have reviewed and updated all our internal processes, procedures, data systems and documentation.
We comply with the GDPR as a controller and processor of data and have undertaken a programme of works which will deliver what is required by the legislation. This involved working with our suppliers and partner organisations to ensure they meet these obligations.
We have implemented the relevant policies and practices to ensure we protect any data including the following:
- Employees will be made aware of the GDPR and restrictions and obligations within it as may be
relevant to them, with the relevant training provided as necessary. Each staff member will have
completed an online awareness course and staff with key data protection responsibilities a GDPR Awareness Workshop.
- All new employees will receive awareness training as part of our induction programme.
- Suppliers who process personal data on behalf of the IRIS Connect have been identified and asked to provide details of their state of compliance with the GDPR and where appropriate agree to new contractual arrangements. Any new supplier will not be taken on unless we are satisfied that they comply with the new data protection regulations.
3. Our GDPR Actions to Date:
- We have appointed a Data Protection Officer
- Our internal project is maintaining a log of GDPR compliance work, which will be available to scrutiny if/when asked
- We undertook a gap analysis of all our business processes where personal data is either held or
collected and produced an action plan
- We have reviewed and updated our range of policies, including our Data Protection Policy and Subject Access Requests Policy
- We have introduced mechanisms to identify a potential personal data breach, how these will be
investigated and reported, where necessary within 72 hours
- We are undertaking a systematic review of the personal data we store, manage, maintain, collect, process and control
- We have assessed our lawful bases for processing data to ensure all personal data is processed
lawfully, fairly and transparently
- We have introduced legitimate interest assessments where we rely on legitimate interest as the lawful basis for processing any personal data
- We have conducted data mapping of all our processes involving personal data
- We are providing training to our employees and generally raising the awareness and importance of GDPR to our business and their individual responsibilities arising from this
- We are and will continue to look at ways of improving our systems and procedures to better comply with GDPR best practice
4. Contact Us
Should you require any further information about our GDPR compliance, please feel free to contact us using the details below:
Name: Simeon Drage
Phone: +44 (0)333 136 2483