Disclaimer: This blog post is not legal advice for your company to use in complying with the GDPR. This is an article explaining some basic principles of GDPR, and what Field Scope International is doing to stay compliant with them.
The General Data Protection Regulation (GDPR) aims to set a new standard for how companies use the data of EU citizens. The goal is to give those citizens rightful ownership over their data, as well as to provide complete transparency about how that data is used (processed, transferred and protected).
At Field Scope International, we have been working very hard to comply with this set of rules and adapt to the upcoming changes. Our company already has an internal Data Protection Act whose policies and processes are enforced; however, to comply with the GDPR, we needed to update and improve that Act.
Below is a brief overview of the GDPR, and how we are preparing for it at Field Scope International.
‘The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.’ – EU GDPR.
1. GDPR Compliance Team
In September 2017 Field Scope International formed an internal GDPR Team: a group of people with the most insight into and access to data within our offices. Those team members have been attending GDPR courses, seminars and webinars, while diligently working to prepare us for the 25th of May.
2. Working on ICO guidelines
By following the 12 steps highlighted in the ICO guidelines, the Team created a clear GDPR compliance path for our company. These steps helped us establish which parts of our organization could be improved. Furthermore, they led us to our next step: updating internal procedures and policies.
3. Updating internal procedures
Since our GDPR Compliance Team started working on GDPR and ISO 27001 compliance, we have been reviewing our company’s approach to managing and securing the data of our clients and respondents. We have been enhancing our internal policies, and with each change we get one step closer to compliance.
4. Becoming ISO 27001 and ISO 9001 compliant and certified
The ISO 27001 standard is a framework for information security: it specifies the requirements for an information security management system (ISMS). Implementing an ISMS that conforms to ISO 27001 is therefore a solid step towards GDPR compliance.
ISO 9001 is built on a number of quality management principles, such as a strong customer focus, the motivation and involvement of top management, the process approach and continual improvement.
After becoming compliant with both standards, Field Scope International will start the certification process.
Our preparations are ongoing and will continue until May. The reforms we are making are significant for Field Scope International’s future development. Additionally, we firmly believe that the changes we made will strengthen the relationships we have with our clients and respondents. Our internal GDPR Team has made a lot of progress since September, as we are fully committed to achieving compliance with the GDPR.