Ross Gardner, IT Director at Plastic Surgeon, explores the changing face of data protection and how we're keeping ahead of the trend
The new General Data Protection Regulation changes are just around the corner and set to have a significant impact on data protection across the board. Plastic Surgeon have been working through the GDPR roadmap and we’re pleased to announce we’re now GDPR ready and fully compliant with the new requirements.
To provide reassurance and display our commitment to the new regulations, Ross Gardner, IT Director at Plastic Surgeon, has become a Certified EU General Data Protection Regulation Practitioner. Certification has ensured we learn from the experts and clearly identify the steps needed to achieve GDPR readiness.
Ross Gardner, IT Director at Plastic Surgeon, said: “GDPR isn’t necessarily a purely IT-related issue. Unsurprisingly, technology forms a strong backbone to our data processing capabilities, but before we even got near to addressing the technological implications of GDPR we spent a considerable amount of time assessing processes and procedures. By completing an introspective review on how we interact with customers’ personal data in the day-to-day functioning of the business, we identified areas where the new regulations will help us not only increase security but also provide a better service”.
With thousands of orders processed by Plastic Surgeon requiring homeowner or policy holder contact, the volume of personal data moving between customers, suppliers and the different departments means that data security is always on the agenda.
“The existing management systems that are already in place due to our ISO-9001 accreditation certainly had us moving in the right direction. All our policies and practices have now been updated with reference to the new regulation and we have created new Data Processing Agreements for all sub-processors”.
Ross Gardner, IT Director
With Plastic Surgeon receiving work from over 3,000 different account customers throughout 2017, we regularly act in the role of Data Processor and are no strangers to meeting the obligations of GDPR passed down through the supply chain.
The GDPR brings a notable change from the outgoing Data Protection Act as it places direct obligations on data processors for the first time. Alongside these obligations comes the possibility of data subjects enforcing their rights against data processors. Potential non-compliance could escalate upwards to the initiating data controller if the ICO believes they have played a part in breaching the legislation through a lack of due diligence.
He concluded: “The number of new Data Processing Agreements that we have been receiving in our role as a data processor is an encouraging sign that our customers within the construction and insurance industries are taking the new regulations seriously. Our documented policies and processes have been well received in response and the certification is helping to provide the peace of mind that many are looking for. As a data processor, customers are entrusting us with their data subjects’ personal data and I can fully understand why people are looking for suppliers who can provide the reassurance that the regulations will be adhered to throughout the entire chain.”
The new regulations are set to come into force on the 25th May 2018, after nearly six years of preparation and debate. Plastic Surgeon is proud to be part of an industry that is leading the way on compliance through a proactive approach amongst all parties.