As the GDPR is effective from 25th May 2018 OFFICE365 have established a dedicated team that is working towards making sure we continue to comply with the new regulations. We are ensuring we have a full understanding of how our date is stored, processed and controlled.

All our policies are under continuous review and through collaborating with our customers and suppliers we will be ensuring all personal data is handled in controlled and secure manner, we do not share data with any 3rd parties (unless legally or contractually required to do so) and will only collect and store data for legitimate business purpose to provide the agreed services. We are taking measures with our employees to ensure best practice when dealing with sensitive information we are also using the opportunity to encourage general digital security awareness across the company.

So what action are we taking?

• Data impact assessment has been carried out to understand what data we hold and how it is processed, as well as establishing a lawful basis for which remaining data is being held.
• General awareness campaign to increase employee knowledge of GDPR
• Reviewed current policies and procedures and tailored as necessary to meet with the new regulations.
• Carried out training for employees regarding the handling of processing of data.
• Ensuring all new IT equipment issued has appropriate security measures in place & recalling all existing equipment for review and updating as necessary.
• Removing and securely disposing of any unnecessary data for which we no longer have a requirement for.
• Established a data protection person function in order to monitor and control how we process data.
• Contacting suppliers who may process data on our behalf and review contracts to include a data protection agreement along with the standard non-disclosure agreement, and questioning them to ensure they themselves are compliant.
• Re-engaging with customers to ensure data held is relevant and up to date.