Genie Interiors

Suite 14
Cavendish House
Plumpton Road
Hoddesdon
Herts. EN11 0LB
Telephone: 01707 372501
Fax: 01707 328483
enquiries@genieinteriors.com

GDPR Compliance Statement

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU) and will be enforceable from 25th May 2018 and requires no enabling legislation so automatically becomes binding and applicable on that date.

The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects.

The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

Genie Interiors Limited places a high importance on information security and will be complying with the GDPR as a controller and processor of data and have been planning and developing a programme of works which will deliver what is required by the legislation. This will involve working with our suppliers and partner organisations to ensure they can meet these obligations.

As we work towards compliance, we have engaged an external advisor to ensure we deliver best practice in compliance, and our programme up to May 2018 falls into these areas:

Customer Contracts: our Customer Services Agreement already addresses GDPR compliance. Policy Development: we will review/ refresh and develop our range of policies including (but not limited to) our Data Breach Policy, Data Compliance Manager appointment, Subject Access Requests, Individuals Rights, Information Commissioners Office (ICO) Good Practice, Data Collection & Consent, IT Policies: we will provide new and updated IT policies to incorporate the GDPR obligations.

Record of Processing Activities & Data Inventory: we are already undertaking a systematic review of the data we store, manage, maintain, collect, process and control. This includes CCTV footage/images, offline and cloud-based storage and paper records. Assessments of the data will review information flow, any data transfers, risk reviews, and structural position in relation to Lawfulness, Purpose, Minimisation, Accuracy, Consent, Limitation, Integrity & Confidentiality, Record Keeping and Accountability.

Training & Awareness: we will undertake training within the company on the GDPR and its impact on the new policies, procedures, and responsibilities of staff & stakeholders in this new regime.

Controls & Gap Analysis: running alongside the work already completed and underway, we will be continually reviewing the controls in place, or required.

Supplier & Partner relationships: where relevant and related, we will be using all reasonable endeavours to ensure that our third party and suppliers are complying with the GDPR.

Technology: we will be reviewing our technology platforms to analyse their operation, security, compliance in order to ensure that they meet the standards we have laid down and identify any gaps and risks.

Senior Management and advisors at Genie Interiors Limited will continue to monitor the programme up to the target date in May 2018 and beyond. Should you require further information, please make enquires by contacting the Data Compliance Manager at Genie Interiors Limited, Suite 14, Cavendish House, Plumpton Road, Hoddesdon, EN11 0LB, email: enquires@genieinteriors.com, Telephone: 01707372501.