GDPR Commitment Statement

GDPR Commitment Statement

The new EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 (including in the UK regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data. It will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) which it will supersede.

Plan Staff Now will comply with applicable GDPR regulations as a data processor when they take effect on 25th May 2018. Working in conjunction with our clients, we will explore opportunities within our services offerings to assist our customers to meet their GDPR obligations.

We are committed to address EU data protection requirements applicable to us as a data processor. These efforts have been critical in our ongoing preparations for the GDPR:

Data processing:

Our ability to fulfill our commitments as a data processor to our customers, the data controllers, is a part of our compliance with GDPR where data controllers are using a third-party like us to process personal data.

Privacy Shield Principles:

To learn more about the Privacy Shield Framework and the Privacy Shield Principles, please visit the U.S. Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov.

Data portability:

The GDPR includes certain requirements on data controllers for the portability of personal data. The data our customers store in Plan Staff Now is theirs. We provide for portability and are continually working to enhance the robustness of our data export capabilities.

Where Do You Stand?

As a current or future client of Plan Staff Now, now is a great time for you to begin preparing for the GDPR as a data controller. Consider these tips:

Get to know GDPR: Familiarise yourself with the provisions of the new regulation, particularly how it may differ from your current data protection obligations and consider the relationships you have with both your clients and candidates. Also, note the variance of local provisions which may be superseded by the new regulations when they become EU law in May this year. Be aware that new requirements may require new solutions that meet the stringent requirements ahead.

Audit your data and processes for data capture: Consider creating an updated and precise inventory of personal information that you control. Review your current controls and processes to ensure that they're adequate, and build a plan to address any gaps. Here are some steps you can take today:

1. Review your field maps
2. Review your process documentation
3. Ensure you have a lawful basis for processing the data

Stay informed: Stay abreast of updated regulatory guidance as it becomes available and consider consulting a legal expert to obtain guidance applicable to you. We recommend regular review of the Information Commissioner's website, which is the UK representative within the EU working group: Article 29.

Available on the go

Once you are registered, you can access all of these key benefits straight from your phone. Find us on:

Get it on iTunes Get it on Google Play