Since the implementation of the new General Data Protection Regulation in May, we have been busy ensuring that everything we do is compliant with the regulation covering both our own operations and also the processing of data through our frameworks and call off contracts.
The tasks undertaken so far are:
- Trained Rowena Jones (EEM’s Senior Data Analyst)
- The majority of our Contractors and Suppliers have now signed a GDPR variation to their existing framework agreements
- Updated our tender documents and future framework agreements to reflect the changes
- Produced appendices for the standard form of contracts we use to include for GDPR clauses
- Audit of our Pricebook, Website logins and contact list to ensure we are only holding information for and contacting people we have a lawful basis to do so
- Written a privacy notice with the link now on the website
- Reviewed sources of data we have, why and what we do with it
- Written a GDPR policy
- Produced a statement to go on all our forms where we are asking for personal data to explain why we need it, the lawful basis and how people can request for removal
- All staff have completed (and passed!) a GDPR awareness e-learning course
- Everything we have put in place has been shared with the consortia we work in collaboration with
GDPR is now a standard agenda item at our Team meeting and any concerns or questions raised by EEM team members are raised to Rowena with the decision and action to be taken logged for future reference. This ensures we are taking a consistent approach to how we handle and process any data and it is constantly under review so we can be pro-active to address any issues that arise in relation to GDPR.