Our approach to data protection

You might have heard it mentioned there are some changes to data protection laws coming up. These changes are predicated on the very sensible premise that individuals shouldn’t have their personal data unfairly manipulated for any unwanted marketing or for any other, more nefarious practices.

To be clear, this is the General Data Protection Regulation (GDPR) you’ll have heard a lot about over the last little while. Like, every day for the last year. It’s been the Royal Wedding of new legislation. Except no one has the option of not turning up on the big day; in this case, May 25. Yes, as in this Friday.

It goes without saying we’re very much in support of the approach laid out by GDPR, but to make sure we’re fully compliant with the new arrangements, here’s a rundown of what we’ve done, what we’re working on, and how you can expect us to handle personal data.

  1. Fair Processing Notices: we’ve provided our staff with a comprehensive schedule of how we’ll use and store their data, in line with the new laws. You can click here to read the privacy policy on our website which will detail the same for consumer data which we might gather on behalf of our clients, and any journalists, bloggers or other influencers we might want to contact in the course of our work for clients.
  2. Article 30 register: this is where we’ll hold a record of the data we process. Just as much fun as it sounds, but very important. We’ll update on an ongoing basis as required.
  3. Third parties: we use a number of third parties who’ll process data on our behalf. We’re making sure all of our contracts with them are fully compliant and have adequate procedures in place to cope with any potential breaches, should they occur.
  4. Data Protection Officer: Bryan Garvie, one of our directors, is the data protection officer for BIG Partnership. Contact him with any questions here.
  5. Training: our staff have been trained on the principles of GDPR and we’ll be actively monitoring how well we adhere to good practice. We’ll update and rerun the training at various points in future.
  6. Overseas data transfer: where possible we’ll keep all data in the EEA, but if we have to transfer it further afield for whatever reason, we’ll only do so if there are adequate safeguards in place and where the party in question is subject to and compliant with a satisfactory data protection regime.

If you have any questions about how this might affect our relationship with you, or in relation to any data you think we might hold about you, please speak to your usual BIG contact or contact Bryan Garvie here.