We have just received a GDPR certification and it means that we have demonstrated to external auditors that there are policies and procedures in place to ensure the careful consideration of all points of client interaction. Not once, this review takes place at regular intervals to secure personal information.
When an organization has over 250 employees, then the GDPR requires them to establish an up-to-date and detailed list of the processing which is undertaken. This should include details of why the processing is taking place, the type of data being processed, and details of who has access to it.
Then there should be information provided on what action has been taken to protect the data and when, if possible, it will be erased.
On an organizational level, this may require limiting the volume of personal data collected and promptly deleting data that is no longer needed. It is essential that in implementing a data security policy, all staff members are both aware of it and follow its procedures.
By applying and securing a GDPR certification we have exhibited that the complete satisfaction of clients is our utmost priority and we are (and will remain) committed to the same.
