Responsibility

Data Protection Officer – Paul Wheatley

 

What is the GDPR?

The new EU General Data Protection Rules (GDPR) come into force on 25 May 2018 and represent the most significant piece of privacy legislation in the last twenty years. The GDPR aims to strengthen the rights that EU individuals have over their personal data and seeks to unify data protection laws across Europe.

The GDPR will impact every organisation which holds or processes personal data, and businesses will be required to demonstrate their compliance. The GDPR also introduces more stringent enforcement and substantially increased penalties for non-compliance than the Data Protection Act (DPA), which it supersedes.

 

MGA(GB)’s commitment to Data Protection under GDPR

We have appointed a Data Protection Officer (DPO) responsible for overseeing and implementing data protection strategy across the firm to ensure our compliance with the requirements of the GDPR.

We are committed to:

  • Preparing for the introduction of GDPR by carrying out a review of our internal data protection policies and procedures and recording what data we hold and process and why;
  • Being transparent and providing accessible information to clients, our people and third parties about how their personal data is used;
  • Reviewing our relationships with third parties to ensure that all current and future contractual arrangements are compliant with the GDPR;
  • Ensuring that appropriate data security and privacy measures are in place across all aspects of the Association;
  • Educating all staff in GDPR and ensuring all staff are fully aware of their obligations under GDPR by providing appropriate training;
  • Putting in place efficient processes in relation to the identification and notification of data breaches;
  • Ensuring (beyond May 2018) the continuous fulfilment of our GDPR obligations by monitoring our compliance via internal audits and annual reviews of all data protection policies and procedures;
  • Preparing, maintaining and annually reviewing all documents that evidence our compliance with the GDPR.