The European General Data Protection Regulation (GDPR) law came into effect on 25 May 2018. The law looks to ensure all personal data relating to EU citizens is protected and the companies who work with such data are held accountable for its protection. The UKs exit from the European Union does not alter these rights or responsibilities.
To ensure that Neo are operating at the highest standards we have taken several additional steps over and above our core obligations to deliver to our clients robust GDPR compliance. With data collection at the core of our client services, safeguarding personal data is of the utmost importance to us.
Our main areas of review have been:
A Personal data review
Neo have reviewed all existing data policies and procedures to make sure they adhere to the legislation and uphold the highest standards of privacy and protection of personal rights.
Neo have audited all data held and processed in the business, to confirm and record
- Nature and purpose of processing
- Categories of data subject
- Types of personal data held and processed
We have identified and confirmed the lawful basis for all client personal data held and processed
Additional assurances. Neo have:
Reviewed procedures to align with the individual’s rights to be consistent with GDPR requirements.
Introduced review cycles to ensure policies are current and fit for purpose.
Implemented processes and technology to improve subject access requests.
Introduced new contractual arrangements to both Neo and client responsibilities and obligations under GDPR.
Reviewed our processes with regards to data breach reporting and adjusted to accommodate GDPR rules.
Trained staff on the new legislation.
Re-written our privacy policies to align with GDPR guidelines.
Click here to find out more about your data rights.