What is GDPR?
In 2012, the European Commission began a process to reform Europe's existing data protection laws by proposing a new data protection regulation to replace the current Data Protection Directive. GDPR was agreed and adopted in 2016 and will take effect on 25 May 2018.
GDPR has three main aims:
Updating EU data protection standards to make them more suitable for today’s world
Remedying some of the perceived deficiencies of the current Data Protection Directive
Achieving a better, more harmonised standard of data protection throughout the EU
What does GDPR change?
GDPR means significant change, but it’s a great opportunity for companies to take stock of their current data processing activities and make sure they’re protecting customer data appropriately.
While many organisations already do the right thing when it comes to personal data, GDPR requires organisations to document and be able to show how they comply with data protection requirements. This means additional documentation of systems, processes and procedures.
On top of existing rights in the EU, like the right to access and correct personal data held by an organisation, GDPR introduces new data protection rights for individuals such as the right to obtain and reuse personal data across different services, and the right of erasure.
Privacy by design
Organisations must implement technical and organisational measures to show they have considered and integrated data compliance measures into their data processing activities. This builds on the idea that privacy should be considered from the start of (and throughout) the systems and product design process.
What is Radiance Skin Care and Laser Clinic doing about GDPR?
Radiance Skin Care and Laser Clinic has taken its responsibilities under GDPR seriously. That’s why we’ve embarked on a programme to identify which measures we need to implement to be compliant with GDPR, and are working to implement them in time for 25 May this year.
Here is a quick summary of what we’ve done to date:
· We conducted a comprehensive data-mapping exercise that tracks personal data flows throughout our systems and services. We are in the process of finalising the data maps
· We are well underway with engaging all key third-party vendors to make sure we have the appropriate contractual protections in place that satisfy GDPR requirements
· We’re refining procedures to deal with some key data subject rights, like subject access requests and the right to request deletion
· We’ve produced a GDPR compliant Data Processing form
· We’ve updated our Privacy Notice to be GDPR compliant as well as more clear, concise and transparent about how we process personal data
· We’ve updated our incident response procedures to bring them into line with GDPR
· We’ve implemented a company-wide data protection training module for all personnel