Our Commitment to GDPR
GDPR Core Principles
World Options are committed to following the 12 steps of GDPR core principles detailed below. We have put processes in place in order to follow all the guidelines.
We have made sure that decision makers and key people in our organisation are aware that the law is changing to the GDPR. And the impact this is likely to have.
2. Information we hold
We have documented what personal data we hold, where it came from and who we share it with and have organised an information audit.
3. Communicating privacy information
We have reviewed our privacy notices and made the necessary changes in time for GDPR implementation.
4. Individuals’ rights
We have checked our procedures to ensure they cover all the rights individuals have, including how we delete personal data or provide data electronically and in a commonly used format.
5. Subject access requests
We have updated our procedures and have a plan in place for Subject access requests. Lawful basis for processing personal data and the lawful basis for our processing activity, this is updated in the privacy notice.
6. Lawful basis for processing personal data
We have identified the lawful basis for our processing activity and have documented this and updated our privacy notice to explain this.
We have reviewed how we seek, record and manage consent and whether we need to make any changes. We have reviewed existing consent in order to meet the GDPR standard.
We have considered whether we need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.
9. Data breaches
We have put the right procedures in place to detect, report and investigate a personal data breach.
10. Data Protection by Design and Data / Protection Impact Assessments
We understand the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, so that we have implemented this.
11. Data Protection Oﬃcer
We have assigned GDPR Officers, these are the World Options Board of Directors. They take responsibility for data protection compliance.
As our organisation does operate in more than one EU member state, we have determined our lead data protection supervisory authority.