GDPR – How we store your data!


You’d have to have been living under a rock not to have heard about GDPR, or General Data Protection Regulation as it’s known in its full glory.    Coming into force on May 25th 2018 it’s the biggest overhaul of data protection in 20 years (replacing the 1998 Data Protection Act), and in those 2 decades the way personal data is stored, handled, shared and processed in the world has completely changed!

We are a digital society, sharing personal information across a plethora of social media channels and many of us have a smart device close to hand at all times.    These channels use sophisticated software and intelligence capturing (and storing) the information we share – just ask Mark Zuckerberg about facial recognition!

Calon must comply with the new GDPR regulation. As a managing agent, we process and store personal and sensitive information, it’s just the nature of our business! But what we do with this information and what happens to it is where our attention has been focussed.  So last year we undertook a highly complex mapping exercise on all the personal and sensitive information we hold, how it flows through the business, who it is shared with, how long we hold it and how its disposed of.   Fun!

The results of this are detailed and complex (good bedtime reading) but here is a summary to demonstrate our assurance that we are treating your information as if it were our own:

  1. We are registered with the Information Commissioners Office (ICO)
  2. All staff are undergoing GDPR and Data Protection training, this new knowledge will ensure compliance and annual refresher courses will be undertaken by everyone – and we mean everyone!
  3. We have a fully reviewed and jazzed up Data Protection Policy for GDPR compliance, we have made the necessary changes to bring ourselves up to the required standard and principles and always put the data subjects right at the heart to ensure safeguarding.
  4. We are confident that all our information processing is Lawful – basically we only keep it and share it if we have to.
  5. We keep data collection to a minimum and only use it as you would reasonably expect.
  6. We delete it when we are supposed to. Bye Bye data!!
  7. All data processing is protected against security breach and unauthorised access through a myriad of technology.
  8. We have ongoing data governance, this requires periodic review and is controlled by our Data Protection Officer.
  9. Privacy Notices will be used for all data subjects – including rights and how to exercise them.
  10. Direct Marketing will only be received if you have consented or requested.
  11. We ensure that all third parties we work with are GDPR compliant and have sharing agreements in place.
  12. Any personal data breach is reported to the ICO for investigation.


But its not as scary it might seem, for any businesses that are already complying with data protection laws – that’s us – the new GDPR regulation is only a step change, most of this stuff we were doing anyway.


As Elizabeth Denham, the UK’s information commissioner, who is in charge of data protection enforcement, commented


“It’s still an evolution, not a revolution”.


As a last note, if you have any questions, concerns or comments please get in touch and we will be happy to help.


Happy GDPRing.

Related Posts