Since the announcement of the General Data Protection Regulation (GDPR) back in 2016, organisations have been on a long journey reviewing their policies and procedures to make sure they complied with the new law by 25th May 2018.
Here is a summary of how TRL prepared for GDPR and is conforming to the legislation.
Last year the Head of Risk, Compliance and Business Improvement at TRL set up a GDPR working group which included our Expert Witness and Investigations team, to ensure the business followed the 12 steps outlined in the Information Commissioner Office (ICO) guidelines.
- Updated the Privacy Notice on our website, clearly detailing how TRL collects, stores and processes personal data in a manner that is compliant with GDPR.
- All marketing emails from TRL now include links to our Privacy Notice and a preference centre, giving people the option to unsubscribe from TRL emails.
- TRL’s Customer Resource Management System (CRM) is our central database for storing personal data in a consistent and secure location. We have added new fields in our CRM, enabling us to process and track peoples’ contact preferences, subscription date and if they unsubscribe.
Handling personal data
- Reviewed and revised all Expert Witness procedures for handling personal data, including but not limited to:
- handling new enquiries
- preparing cost estimates
- how to share data
- data retention policy
- archiving cases
- In April 2018, TRL sent out our GDPR Data Handling Agreement – TRL as the Processor document to the Data Protection/Compliance contacts for all solicitor clients we had worked with over the last 5 years, asking them to read, sign and return them.
Personal and sensitive data management procedure
- TRL updated its ‘Personal and Sensitive Data Management Procedure and Guidance’ which applies across the business, including advice on reporting breaches and gathering, storing and disposing of data.
- TRL has introduced a Personal Data Register which contains the information previously detailed in Data Protection Impact Assessments.
Terms and conditions
- The Expert Witness and Investigations Team have reviewed and updated TRL’s Terms and Conditions to ensure that they align to GDPR.