GDPR

Reference: 

848

Request detail: 

I am writing to make a request for information under the Freedom of Information Act 2000.

If this request is too wide or unclear, I would be grateful if you could contact me as I understand that under the Act, you are required to advise and assist requesters. If any of this information is already in the public domain, please can you direct me to it, with page references and URLs if necessary.

I understand that you are required to respond to my request within the 20 working days after you receive this letter. Answers will be anonymised upon receipt.

1.      Do you plan on investing in technology specifically to comply with GDPR in the next 12 months?

o   Yes

o   No

 

2.      Have you implemented information security network(s)? Have those networks been updated to take account of GDPR?

o   Yes

o   No

 

3.      Nearly six months after GDPR has come into effect, have you completed an assessment and validation with all third-party organisations you work with regarding GDPR compliance?

o   Yes

o   No

 

4.      Do you monitor the compliance of all the third-party organisations you work with against your information security?

o   Yes

o   No

 

5.      Under the new rules, have you completed an audit to identify all files or databases that include personally identifiable information (PII) within your organisation?

o   Yes

o   No

 

6.      Have the employees in your organisation received training on data protection and other relevant law?

o   Yes

o   No

I look forward to hearing from you.

Response detail: 

Thank you for your Freedom of Information request.  

 

Please see below responses to your questions.

1.      Do you plan on investing in technology specifically to comply with GDPR in the next 12 months?

o    Yes

o    No

 

2.      Have you implemented information security network(s)? Have those networks been updated to take account of GDPR?

Yes
No

 

3.      Nearly six months after GDPR has come into effect, have you completed an assessment and validation with all third-party organisations you work with regarding GDPR compliance?

      Yes

o       No

 

4.      Do you monitor the compliance of all the third-party organisations you work with against your information security?

o       Yes

o       No

 

5.      Under the new rules, have you completed an audit to identify all files or databases that include personally identifiable information (PII) within your organisation?

     Yes - Information Asset Register

o       No

 

6.      Have the employees in your organisation received training on data protection and other relevant law?

o       Yes

o       No

Information Released: 

(Not held)

Received: 

Wednesday, 24 October, 2018

Responded: 

Tuesday, 20 November, 2018

Topic: