A culture of respect for data protection and privacy
The General Data Protection Regulation (GDPR) will come into effect on 25 May 2018. Therefore, here at e.surv Chartered Surveyors, we’re in the final stages of preparing for compliance.
Our approach has been to embrace the GDPR and use the regulation as a basis to enhance data security within all areas of our business for the benefit of our colleagues, clients and customers.
Our GDPR journey began two years ago when we took the decision to work towards the ISO 27001 standard for Information Security Management Systems. This provided us with a fantastic basis for GDPR but our preparations didn’t stop here.
Our aim is to establish a culture of respect for data protection and privacy – not just for the security of the data we process as a business, but for individuals to understand the importance of data privacy in everyday life e.g. what it means for parents when safeguarding children.
Here’s our GDPR journey so far ….
1. ISO 27001
Two years ago, we began working towards ISO 27001 which we successfully achieved in February 2017. This was a major step towards compliance with the new rules.
We have now established procedures to pre-empt data security threats and have protection in place to prevent breaches. We have also taken measures to ensure the timely notification of any breaches to the relevant authorities and the individuals affected, plus the right for individuals to be forgotten.
2. Data audit
Over a period of four months, we conducted a thorough audit, site-by-site and department-by-department. This included interviews with every team leader, head of function and manager within the business and provided a clear picture of where all our data was, what it was used for, and how it was processed and protected. We could then be confident that we had covered all possible areas where data security must be considered and managed appropriately.
3. Revised guidance
As a result of the GDPR regulations, we’ve revised guidance for many people across our business. For example, surveyors must avoid capturing the number plates of cars and family photos when photographing a house for a valuation or survey report.
4. Colleague engagement
We have run a number of GDPR briefings and workshops throughout the business to ensure that everyone is engaged with the changes. It is important that everyone at e.surv Chartered Surveyors understands why the GDPR is being enforced and how it’s beneficial for them as individuals and the business as a whole.
Post-25 May 2018
When 25 May 2018 comes and goes, how will we ensure that the regulation continues to remain a top priority for everyone at e.surv?
Shane Ross, Head of Risk and Audit at e.surv, explains: “The digital world is changing rapidly. Therefore, here at e.surv, we will never stop listening, learning and finding new ways to improve the way we handle data security.
“Crucially, it’s important to understand that compliance with GDPR is as much about people as it is about data. We’re confident that by imbuing a cultural shift and good practice in the way we all approach data, we will continue to reduce risk to our lender clients and our customers.”
More information about GDPR
The General Data Protection Regulation is the most important change to data privacy regulation over the last two decades. It aims to harmonise data privacy laws across the EU, boost individual rights and reshape the way organisations manage the data they collect, process and store.
There will be large fines for failures of up to £17 million or 4% of a company’s global annual turnover.
For more information about GDPR, please visit the website: www.eugdpr.org
Why is GDPR important for us, our clients and customers?
Because they are the data controllers, our lender clients have a vested interest in us being compliant with GDPR and any breeches would have a serious impact. As risk specialists, many lenders have in fact come to us for advice and support on their own journeys towards becoming GDPR compliant.
Our customers are entitled to the reassurance that we will only collect, process and store data that is essential to delivering our surveys and valuation reports. We will only use data for the purpose in which it was obtained and our customers must be confident that we have all the necessary measures in place to keep their data safe.
If you have any questions about data security at e.surv, please contact Shane Ross, Head of Risk and Audit at e.surv Chartered Surveyors, on firstname.lastname@example.org or call 01536 535 524.