Date: 1st April 2018
In this policy the terms “we”, “us”, “our”, “i-Image”, “i-Image IT” or “i-Image Group” refers to i-Image IT Ltd. and its subsidiaries.
Our Commitment to GDPR
On 25th May 2018, the EU General Data Protection Regulation (GDPR) replaces the existing 1995 EU Data Protection Directive (European Directive 95/46/EC).
The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects. The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
Where do we stand?
i-Image IT Ltd. places a high importance on information security and as part of our process we are reviewing (and updating where necessary) all our internal processes, procedures, data systems and documentation to ensure that we are ready when GDPR comes into force on 25th May 2018.
i-Image IT Ltd. will be complying with the GDPR as a processor and controller of data and have been planning and developing a programme of works which will deliver what is required by the legislation. This will involve working with our suppliers and partner organisations to ensure they can meet these obligations.
- Data is processed fairly and lawfully
- Data is processed only for specified and lawful purposes
- Processed data is adequate, relevant and not excessive
- Processed data is accurate and, where necessary, kept up to date
- Data is not kept longer than necessary
- Data is processed in accordance with an individual’s consent and rights
- Data is kept secure
- Data is not transferred to countries outside of the European Economic Area (‘EEA’) without adequate protection
As we work towards compliance, we have engaged an external advisor to ensure we deliver best practice in compliance, and our programme up to May 2018 and beyond falls into these areas:
- Customer EULA: our End User Licence Agreement will address GDPR compliance.
- Policy Development: we will review, update and develop our range of policies including (but not limited to) our Data Breach Policy, Business Continuity Plans, DPO appointment, Subject Access Requests, Individuals Rights, ICO Good Practice
- Data Impact Assessments & Data Inventory: we are already undertaking a systematic review of the data we store, manage, maintain, collect, process and control.
- Training & Awareness: we will undertake training across the Group on the GDPR and its impact on the new policies, procedures, and responsibilities of staff & stakeholders in this new regime.
- Supplier & Partner relationships: where relevant and related, we will be using all reasonable endeavours to ensure that our third party and suppliers are complying with the GDPR.
- Technology: we will be reviewing our technology platforms to analyse their operation, security, compliance in order to ensure that they meet the standards we have laid down and identify any gaps and risks.
Our Senior Management Team and advisors will continue to monitor the programme up to the target date in May 2018 and beyond.