The new EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 and has impacted every organisation which holds or processes personal data.
It introduces new responsibilities, including the need to demonstrate compliance, along with more stringent enforcement and substantially higher penalties than the previous Data Protection Act (DPA), which it has superseded.
Shinsei Corporate Management places a high priority on protecting and managing data, especially that of its clients and employees. The firm has complied with applicable GDPR regulations.
Shinsei Corporate Management has focused on the following GDPR requirements. These have been implemented by a project team with oversight from the Shinsei Corporate Management Data Protection team:
- Ensuring Privacy by design is implemented in all new projects, services and tools.
- Fine-tuning processes to ensure they meet GDPR requirements, for example DSARs (data subject access requests), our Data Breach process and Privacy Impact Assessments.
- Updating our terms and conditions to reflect GDPR requirements.
- Updating our Privacy Standard Policy and Privacy Notices.
- Ensuring the required consent and preferences have been requested where necessary.
- Providing guidance on data retention periods.
- Providing training for all staff to enable them to understand the requirements of GDPR and how to manage the data that they are responsible for effectively.
Shinsei Corporate Management has also implemented an Information Security framework which combines controls from the NIST (National Institute of Standards and Technology) cybersecurity framework, the ISF (Information Security Forum) and ISO2700 to ensure that data:
- is protected as it comes into the firm.
- is held securely whilst in the firm.
- access is controlled whilst stored in all Shinsei Corporate Management systems.
- is secured when it is sent to a third party when required.
- finally, that the data is securely destroyed once it is no longer required.
Shinsei Corporate Management has policies in place that have been updated and reviewed to ensure the requirements of GDPR have been addressed. The following key policies are now in place: Information Security, Data Management, Records Management Policy (incl. Data Retention requirement), Data Classification Standard. These provide the governance to ensure that PII data is handled correctly.
Shinsei Corporate Management does not have a Data Privacy Officer; in their place, the Head of Information Risk and Data Protection will be responsible for day-to-day GDPR compliance and its requirements, with the support of the legal team.
Should you have any further questions regarding this GDPR statement then please contact us using the following email: [email protected]