GDPR Executive Summary
As a responsible business, Metropolitan Insulation Services, a trading style of Richmond Refurbishments Ltd (RRL) has taken a robust approach to the new General Data Protection Regulations (GDPR).
The RRL GDPR Executive Summary provides the backbone to its approach and is a ‘live’ document with effect from 25th May 2018.
As a live document it is iterative and allows for changes at any time as the regulatory framework evolves and where, as a consequence of this, RRL recognises a need for amendments.
Routinely, the RRL GDPR Executive Summary will be formally reviewed every 12 months by the RRL GDPR Project Group. This group is headed up by a RRL Directo, and takes feedback from all members of staff.
The RRL GDPR Executive Summary is a document that is shared with all staff members.
In establishing the RRL approach to GDPR the following has been considered:
- Established that legitimate interest is the most appropriate lawful basis for processing the data it holds:
- i. In the case of new clients, data is kept on a transactional basis; ie legitimate interest exists as the data subject is considered to be a customer. Express consent is sought where marketing communications beyond the initial work is thought to be necessary – otherwise, all data is removed.
- Explained already or will explain how an individual’s personal data will be used when collected.
- This is published on the RRL website.
- Ensured that only the minimum amount of data is collected from any individual for the purpose.
- Provided an option to refuse marketing communications.
Asking for consent:
- Checked that consent is the most lawful basis for processing any data held.
- Asked for consent separately to the standard terms and conditions.
- Asked for positive opt-ins.
- Created a double opt-in function for website subscribers.
- Not used pre-ticked boxes.
- Used plain simple language.
- Explained why it needs the data and what it will be used for.
- Where appropriate, named 3rd parties with whom data may be shared.
- Has explained that consent may be withdrawn at any time and is easy to withdraw.
- Maintained a record of how consent was gained.