As a responsible, forward-looking business, SOCOTEC UK recognises the need to comply with the GDPR and ensure that effective measures are in place to protect the personal data of our customers, employees and other stakeholders.
We have put in place a comprehensive programme to understand and validate our use of personal data and to confirm the legal basis of our processing. This programme includes a full review of all data systems, associated processes and security controls.
Where appropriate, a data protection impact assessment approach, which is in line with the requirements and recommendations of the GDPR and relevant best practice, is being used.
Risk management is taking place at several levels within the organisation, including:
- Assessment of risks to the personal data we collect and process
- Regular information security risk assessments within specific operational areas
- Assessment of risk as part of the business change management process
- At the project level as part of the management of significant change, including Data Protection Impact Assessments (DPIAs)
If you require any additional information regarding our programme or approach, please contact dataprotectionuk@SOCOTEC.com