David Stock and Co Limited
GDPR Statement
General Data Protection Regulation (GDPR)
The new EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 (including in the UK regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data. It will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) which it will supersede.
David Stock and Co places a high priority on protecting and managing data, especially that of its clients and employees and ensuring that data:
1. is protected as it comes in to the firm
2. is held securely whilst in the firm
3. access is controlled whilst stored in all systems
4. is secured when it is sent to a third party where required
5. is securely destroyed once it is no longer required
We have policies in place that have been updated and reviewed to ensure the requirements of GDPR are addressed.
The following key policies are in place:
* Information Security
* Data Management
* Records Management Policy (incl. Data Retention requirement), Data Classification Standard
These provide the governance to ensure personal data is handled correctly.
David Stock and Co Limited does not have a Data Privacy Officer but in their place the Head of Information Risk and Data Protection will be responsible for the day to day compliance with GDPR and its requirements with support of the legal team.
Should you have any further questions regarding this GDPR statement then please contact us on Freephone 0800 975 2566.