GDPR compliance

The General Data Protection Regulations (GDPR) came into effect across the UK and EU from 25th May 2018 and apply to all organisations that store or process personal data. Further to Brexit, AdviserPlus complies with the UK GDPR and the Data Protection Act 2018.

AdviserPlus is committed to security best practice and already complies with industry standards, such as ISO27001:2017 and Cyber Essentials Plus. These certifications are subject to internal review and external assessment and we routinely review our security objectives to ensure we operate with the highest security standards.

How does AdviserPlus comply with UK GDPR?

To comply with the privacy standard set by UK GDPR, the following actions have been completed or are ongoing:

  • Independent Review
    AdviserPlus engaged an external data protection consultancy to perform a review of operations and actions taken to ensue our full compliance with GDPR.
  • Policies and Procedures
    Policies and procedures were reviewed and updated to address new requirements and are regularly reviewed and refreshed.
  • Supplier Review
    We reviewed all our supplier relationships to ensure we fully understand data flows and have the appropriate data contracts in place.
  • Culture and Training Awareness
    We have embedded GDPR as part of our culture throughout the business through mandatory UK GDPR awareness sessions and regular updates to employees.
  • Client Consultation and Engagement (as Data Processor)
    We consulted our clients and worked with them to support them with preparing for GDPR. On an ongoing basis we provide assistance with data flow maps, privacy impact assessments, approval of sub-processors / third parties, and data retention requirements.
  • Privacy Notices
    Our privacy notices comply with UK GDPR and we have updated our marketing and recruitment websites.
  • Data Protection Policy
    We updated our Data Protection Policy and issued appropriate guidance to all employees.
  • As Data Controller
    For processing of personal data as a data controller, we reviewed and updated data retention periods and reviewed controls of internal systems and procedures.
  • Ongoing monitoring is performed to ensure compliance with the requirements of the regulations.

For more information about how AdviserPlus complies with UK GDPR please contact our Data Protection contact at dataprotection@adviserplus.com.

 

Updated on 10/08/2021.