A. Soutzis Audit Ltd and the GDPR

The General Data Protection Regulation (GDPR) is a Regulation of the European Union and, from 25 May 2018, it applies to all organisations that collect and process the personal data of EU citizens.

As a responsible, forward-looking business, A. Soutzis Audit Ltd recognises at senior levels the need to comply with the GDPR and ensure that effective measures are in place to protect the personal data of our customers, employees and other stakeholders.

Commitment to the security of personal data extends to senior levels of the organisation and will be demonstrated through the relevant policies and the provision of appropriate resources to establish and develop effective data protection and information security controls.

As part of meeting our legal obligations, we have put in place a comprehensive programme to understand and validate our use of personal data and to confirm the legal basis of our processing.

An updated Privacy Policy is available in both paper and electronic form and will be communicated within the organization and to all relevant stakeholders and interested third parties.

We will also ensure that a systematic review of performance of the programme is conducted on a regular basis to ensure that its objectives are being met and relevant issues are identified and addressed.

Where appropriate, a data protection impact assessment approach which is line with the requirements and recommendations of the GDPR and relevant best practice, will be used.

Risk management will take place at several levels within the organization, including:
• Assessment of risks to the personal data we collect and process
• Regular information security risk assessments within specific operational areas
• Assessment of risk as part of the business change management process
• At the project level as part of the management of significant change, including Data Protection Impact Assessments (DPIAs)

We would encourage all employees and other stakeholders in our business to ensure that they play their part in complying with the GDPR at all times and in delivering our information security objectives.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may also like these