We’re three months into the regulation having come into force on 25 May, and I am pleased to say that we have accomplished everything that we set out to in our GDPR compliance programme.
As mentioned in previous articles, we effectively developed our software and modified our services to help our customers comply with the GDPR.
We communicated information to our customers in relation to their software systems, and also provided more general hints and tips on their GDPR compliance.
All SSP employees successfully completed the mandatory GDPR online training course, EU General Data Protection Regulation (UK); and those employees that are directly involved in processing personal data also completed an intensive course held by an external specialist, Christina Tueje from QA.
“Thank you very much for the opportunity to collaborate with you regarding your GDPR training and consultancy needs. I'm impressed with the amount of GDPR compliance activity that has taken place within SSP and the delegates are tremendously hard-working yet they fully engaged with the training sessions that I delivered.”
Christina Tueje, Information Governance and Information Security Specialist, QA
The changes to SSP’s policies and procedures following GDPR are now embedded in our day to day operations. We continue to review our practices and procedures to ensure that we comply with the legislation and adopt good industry standards in respect of our information security. For example we are in the process of implementing a state-of-the-art, artificial intelligence driven malware protection system across our IT estate. We also have a working party in place to ensure that the principles of privacy by design and default are properly and consistently applied across SSP’s flagship products and services.
To take advantage of wider industry and academic knowledge about the protection of personal data, SSP has joined the International Association of Privacy Professionals (IAPP), the world’s largest and most comprehensive privacy resource. Being a member of this organisation allows us to train staff to help meet our privacy programme goals of reduced risk, improved compliance, enhanced brand loyalty and more.
As SSP’s Data Protection Officer I was able to attend their courses and in July, I successfully completed examinations to earn two ANSI-accredited certifications: Certified Information Privacy Professional/Europe (CIPP/E), and Certified Information Privacy Professional (CIPM). I am proud to join the ranks of more than 10,000 professionals worldwide who currently hold one or more IAPP certifications.
How you can stay in touch with GDPR developments?
In addition to the EU’s GDPR website www.eugdpr.org, the ICO has on its website information and guidance about the GDPR www.ico.org.uk. To find out more about the IAPP you can visit their website www.iapp.org.
For more information on the GDPR in relation to SSP, please contact your account manager.
About the Author
Company Secretary and Data Protection Officer — Richard has more than forty years’ experience of working in the IT services sector, for the most part serving the financial services industry. Richard sits on the main SSP management group, and is Company Secretary for all of the SSP group companies in the UK. He is head of Legal and Commercial for the worldwide SSP business, as well as being in charge of compliance and was appointed SSP’s Data Protection officer in 2017.More content by Richard Forrest