Bisio Training Ltd - Data Protection Policy
Company Registration Number Z3013960 – Information Commissioner's Office (ICO)
The General Data Protection Regulation (GDPR) creates a new legal framework that applies across the EU, including the UK, from 25 May 2018. This replaces the Data Protection Act 1998.
New requirements include:
- Reporting data breaches
- Cross border considerations
- New rights for contacts – the need to inform contacts how we are using personal data and their rights under GDPR to request that personal data is deleted
- The need to demonstrate that we are mitigating the risks of misuse of clients’ personal data
Bisio Training will analyse the ten key areas of compliance with the GDPR viz:
- Governance – the leadership team and functional managers will be made aware that the law is changing to the GDPR and they will appreciate the impact this is likely to have.
- Risk Management – we will consider and manage any risk to the organisation, as well as risk to data subjects resulting from a data breach.
- GDPR Project – we have a project team comprising two of the company directors addressing the specific requirements of GDPR to become compliant.
- Data Protection Officer (DPO) – a DPO will be appointed from the leadership team.
- Roles and Responsibilities – we will identify the roles that are likely to have responsibility under the GDPR and establish appropriate skills, knowledge and training.
- Scope of compliance – we will identify how much of the organisation is in the scope of the privacy compliance framework.
- Process analysis – we will identify all the controller-processor relationships that involve data processing. This area could form part of a data flow audit in a later stage of our GDPR compliance project.
- Personal information management system (PIMS) – we will manage our documentation to enable us to demonstrate GDPR compliance in respect of managing personal data.
- Information security management system (ISMS), Principle 6 and Article 32 – we will adhere to the responsibilities of information security and protecting the security of data subjects.
- Rights of data subjects – we recognise data subjects’ rights and will have procedures and technologies in place to help them exercise those rights.