Statement of Compliance
Atomwide recognises the importance of looking after personal data. We can confirm that Atomwide is compliant with GDPR, and that continuing compliance with GDPR is a board level priority.
With this statement we aim to inform employees, customers, business partners and suppliers of our commitment to data protection best practice and to ongoing GDPR compliance.
Data Protection by Design
- Atomwide is ISO27001 Accredited
- Atomwide is Cyber Essentials Accredited
- Atomwide provide USO, a secure identity provider and authentication system
In preparation for the adoption of the GDPR into law on 25th May 2018, Atomwide undertook a compliance programme to cover the following areas:
- 1. Awareness: A training programme to ensure that the board and employees are aware of the requirements of GDPR.
- 2. Information we hold: We document what personal data we hold, where it came from and who we share it with.
- 3. Communicating privacy information: We have reviewed current privacy notices and made appropriate changes.
- 4. Individuals’ rights: We have checked our procedures to ensure they cover all the rights individuals have, including how we would delete personal data or provide data electronically and in a commonly used format.
The GDPR includes the following rights for individuals:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and the right not to be subject to automated decision-making including profiling.
- 5. Subject access requests: We’ve updated our procedures and planned how we will handle requests to take account of the new rules.
- 6. Lawful basis for processing personal data: We’ve identified the lawful basis for our processing activity in the GDPR, documented it and updated our privacy notice to explain it.
- 7. Consent: We’ve reviewed how we seek, record and manage consent and confirmed we are compliant.
- 8. Children: We’ve put systems in place to verify individuals’ ages and to obtain appropriate consent.
- 9. Data breaches: Procedures are in place to detect, report and investigate a personal data breach.
- 10. Data Protection by Design and Data Protection Impact Assessments.
Our data management policies are always under review to ensure we are always compliant with the latest legislation and best practice.
Should you have any questions about this statement, please contact us at firstname.lastname@example.org