In order to assure you that steps are being taken to ensure compliance we have listed the steps being taken below:-
•Briefing and training for all levels of staff including Management & Supervisory staff
•Central Office and Support staff
•IT and system staff
Lewis & Graves Partnership are in the process of putting in place an audit process to ensure that there is system resilience for information held on our computer systems and information kept in hard copy form. The audit will include a review of any data kept on 3rd party sites and data held by sub-contractors (of which there are relatively few).
Data Protection and confidentiality policies will be reviewed in the next 30 days to ensure that they remain fit for purpose and reflect the additional requirements of the GDPR.
Staff operating on sites will be informed of their duties and responsibilities under the new Regulations. It is worth noting that very few staff (if any) will come into contact with personal or sensitive data. However, Lewis & Graves recognises its responsibilities in the unlikely event that staff working for the organisation do come across such data.
The Lewis & Graves Quality Management System will also be reviewed in order to update operating procedures and develop an information register which will be reviewed on a regular basis. The revised procedures will be clear about storage, destruction and retention periods for any sensitive data held by the organisation.