GDPR Statement of intent

April 2018


Altodigital is aligning to the new EU General Data Protection Regulation (GDPR), which comes into force on 25 May 2018. GDPR will introduce new responsibilities, including the need to demonstrate compliance, along with more stringent enforcement and substantially higher penalties than the UK’s current Data Protection Act (DPA), which it will supersede.

We are fully engaged in preparing for GDPR by investing in a comprehensive Information Management project, overseen by internal cross-functional teams and outside consultancy provided by Auriga Consulting.
We are committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards including ISO 27001 and IG Toolkit. The company will comply with applicable GDPR regulations when they take effect in 2018, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services.
To achieve this, we will be building on existing security and business continuity management systems and certifications, including ISO 9001, 14001, 27001, 27005 and IG Toolkit to ensure our own compliance aligns to our business plans and objectives.

It is important to recognise that compliance is a shared responsibility and all organisations and partnerships will need to adapt business processes and data management practices.
Altodigital is implementing and driving a robust ISO-based Information Security Management System (ISMS) and, in order to ensure compliance, will implement additional or augmented company-wide controls to meet GDPR requirements within the ISMS, using internal and external advisors. Led by our DPO, updated information security policies and procedures will build on existing management systems (including ISO 9001, 14001, 27001 and ISO 27005). Altodigital is establishing an Information Control and Classification policy, informed by gap analysis and data protection risk assessments and supported by communication and training programmes to foster an inclusive information-aware culture across all of Altodigital’s services.

Many of the hosted services provided by Altodigital already conform with GDPR. As data processor, the company is undertaking risk assessments to include more detailed consideration of the data types held by Altodigital and a data protection impact analysis of personal information stored and processed. Policies such as incident response plans and backup data retention will be reviewed and updated within the ISMS.
Altodigital has appointed an Information Security Manager (ISM) and Data Protection Officer (DPO) who will inform, advise, monitor and report compliance internally and externally, according to the new regulations and guidance provided by the Information Commissioner’s Office (ICO) and other governing bodies.

Issued by: Mr Dave Gibson
Managing Director and Senior Information Risk Owner (SIRO)