GDPR

 

GDPR Core Principles

World Options Limited is registered on the data protection register with the ICO (Information Commissioner’s Office).

World Options Data Protection Reference Number is: ZA655134

We are committed to following the 12 steps of GDPR core principles detailed below. We have put processes in place in order to follow all the guidelines.

1. Awareness

We have made sure that decision-makers and key people in our organisation are aware that the law is changing to the GDPR. And the impact this is likely to have.

2. Information we hold

We have documented what personal data we hold, where it came from and who we share it with and have organised an information audit.

3. Communicating privacy information

We have reviewed our privacy notices and made the necessary changes in time for GDPR implementation.

4. Individuals’ rights

We have checked our procedures to ensure they cover all the rights individuals have, including how we delete personal data or provide data electronically and in a commonly used format.

5. Subject access requests

We have updated our procedures and have a plan in place for Subject access requests. Lawful basis for processing personal data and the lawful basis for our processing activity, this is updated in the privacy notice.

6. Lawful basis for processing personal data

We have identified the lawful basis for our processing activity and have documented this and updated our privacy notice to explain this.

7. Consent

We have reviewed how we seek, record and manage consent and whether we need to make any changes. We have reviewed existing consent in order to meet the GDPR standard.

8. Children

We have considered whether we need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.

9. Data breaches

We have put the right procedures in place to detect, report and investigate a personal data breach.

10. Data Protection by Design and Data / Protection Impact Assessments

We understand the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party so we have implemented this.

11. Data Protection Officer

We have assigned GDPR Officers, these are the World Options Board of Directors. They take responsibility for data protection compliance.

12. International

As our organisation does operate in more than one EU member state, we have determined our lead data protection supervisory authority.