“William Duncan don’t just prepare our accounts, they are proactive business advisers and add real value to our company. I trust Sandy’s advice implicitly and without him and his team, our business would not be in the successful position it is today.”
General Data Protection Regulation (GDPR)
Our network of businesses (WD) acts as a data controller for client’s personal data and as such have responsibilities to manage the data in a secure and professional manner. The regulations for holding this data are changing under a law called the General Data Protection Regulation (GDPR). It becomes EU law on May 25th and as such it will apply to all organisations holding personal data, both electronic and paper copies; in this case it will be WD. GDPR will not be affected by Brexit. WD are reviewing all their policies and practices for holding personal data.
That review includes the legal level of permission under which WD hold the data (whether WD have your permission to hold the information we have), exactly what data is held and why WD need to hold it. WD also have responsibility for any data that is processed by a third party and we will be reviewing our arrangements with any such organisation.
It will also be important WD update all policies to be GDPR compliant and review the length of time that personal data is held for.
WD are complying with GDPR by drawing up a new Privacy Information Notice to ensure you know what is kept on file, for how long and how you can complain about our data policies or breaches to the supervisory body.
This notice will be updated regularly over the next few months as WD make progress towards the end goal of being GDPR compliant within the regulatory timeframe.