When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.
As May 25th draws ever closer we thought you might appreciate a Toolkit update that addresses many of the requests we’ve had since V3. This release is intended to bolster key areas, such as Controller and Processor, Privacy Notices and Accountability/Security, whilst providing a bit more definition in others, such as Personal Data Analysis.
So, in a nutshell, what’s new? Well, we’ve added some documents which may help to communicate with your customers and suppliers about GDPR and confirm whether everybody is ready. These include a GDPR Readiness Statement, a GDPR Letter to Processors and a GDPR Readiness Checklist which together should save you time in responding to others, whilst helping to give some of your processors that nudge they need in the right direction.
We’ve also added a draft Data Processing Agreement which fits in with the policy we introduced in V3 and may help to get the right form of contractual words in place with your processors in a shorter time.
Many people are starting to realise that understanding your personal data is only half the battle and that the controls involved in protecting it are a whole subject in themselves. To help with this, we’ve added no less than ten information security-related policies to the Toolkit, including a Mobile Device Policy, an Access Control Policy, a Network Security Policy and a Cloud Computing Policy.
In the area of Breach Management we’ve included a Breach Notification Letter to Data Subjects in case you’re unlucky enough to need that, and in GDPR Roles, Awareness and Training, there’s now a GDPR Awareness Training Presentation that may help to communicate all your good work on GDPR throughout the organisation.
We’ve tidied up the area of Personal Data Analysis and focussed on a single spreadsheet tool, the renamed Personal Data Analysis Form, with the other spreadsheets being gracefully retired due to customer confusion about how the tools related to each other. Hopefully this will make the process of understanding your personal data slicker and more meaningful.
In the Privacy Policy and Notices folder, we’ve renamed the main policy to simply Data Protection Policy to better reflect its internal focus and introduced a template Website Privacy Policy to supplement the existing Privacy Notices in the Toolkit. We’re still big fans of Just in Time Privacy Notices, but we recognise that having a single coherent Privacy Policy on a website can also pay dividends. We’ve created some example Privacy Notices in the areas of Employment and Website Enquiry to show what these could look like.
The Privacy Notice Planning Form has been split into two, one for where the data is collected from the data subject, and the other for where it is obtained from another source.
We continue to get great feedback about the GDPR Toolkit and thanks to everybody who gave us a positive review at reviews.co.uk.
Good luck with your GDPR work in the run-up to 25 May and keep the enhancement suggestions coming.
Best Regards
The CertiKit Team