What steps has HarknessKennett been taking to become GDPR-ready?
In advance of the “go live” date for GDPR on 25 May 2018, HarknessKennett has been examining its data protection procedures and GDPR-readiness. HarknessKennett is carrying out a formal review of the data we store, process, collect and control to ensure that all personal data is handled in accordance with the GDPR. Following on from that, we are reviewing internal procedures and policies to achieve ongoing compliance. This includes:
- External Policies: privacy policies, information security standards for third-party suppliers;
- Internal Policies: data protection policy, IT policies, data retention and deletion policy and Human Resources recruitment, on-boarding and exiting procedures;
- Supplier Compliance: wherever HarknessKennett uses subcontractors that have access to personal data, we seek to put in place data sharing agreements designed to comply with data protection law. We are currently reviewing this process and are looking to enhance these procedures;
- Client Contracts: if necessary, we will update the terms of service for our clients to ensure they are fully data protection compliant.
Does HarknessKennett transfer any personal data outside the EU?
HarknessKennett predominantly stores data in the EU. Where data may be transferred outside the EU, we are implementing appropriate safeguards, such as the standard contractual clauses (SCCs), to achieve compliance with the GDPR.
HarknessKennett takes IT security very seriously and will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of personal information.
HarknessKennett maintains appropriate insurance to mitigate breaches experienced directly by HarknessKennett (whether deliberate or accidental), including coverage of disaster recovery management and return to operation in the event of a security breach.