AT&C Professional Systems Ltd and the EU General Data Protection Regulation (GDPR)
As a responsible, forward-looking business, AT&C Professional Systems Ltd recognises at senior levels the need to comply with the GDPR and ensure that effective measures are in place to protect the personal data of our customers, employees and other stakeholders.
As part of meeting our legal obligations, we are currently reviewing our Data Protection Policy which will shortly be communicated within the organisation and to all relevant stakeholders and interested third parties.
Commitment to the protection of personal data extends to senior levels of the organisation and will be demonstrated through the Privacy and Personal Data Protection policy and the provision of appropriate resources to establish and develop effective data protection controls.
Top management will also ensure that a systematic review of performance of the programme is conducted on a regular basis to ensure that data protection objectives are being met and relevant issues are identified through the audit programme and management processes.
Risk management will take place at several levels within the organisation, including:
- Assessment of risks to the achievement of our data protection objectives;
- Regular data protection risk assessments within specific operational areas;
- Assessment of risk as part of the business change management process;
- At the project level as part of the management of significant change, including Data Protection Impact Assessments (DPIAs).
We would encourage all employees and other stakeholders in our business to ensure that they play their part in complying with the GDPR at all times and in delivering our data protection objectives.
Paul Menton and Richard Newman