We at NPW are committed to high standards of information security which includes privacy and transparency. GDPR compliance comes into force on 25th May 2018 and NPW have taken active steps to protect privacy through a controlled project.
We have sought sustainable compliance through polices, awareness and managing risk including breach reporting, Data Protection Impact Assessments (DPIAs), Data Security Policy, Privacy Notices, Subject Access Request Procedures and Retention of records policy.
Data items which we process have been documented in an information asset register. Analysis has been conducted to document how this information is being processed, stored, retained, deleted and the purpose.
Existing contracts for staff, suppliers and schools are continuously being reviewed to ensure compliance with the GDPR.In terms of security measures, NPW apply appropriate security measures based on the ISO27001 standard.
We have appointed a Data Protection Officer who will inform, advise, and monitor compliance. NPW will implement tools as appropriate that support the process, provide necessary security and ongoing delivery of objectives.
All our staff have received training which evidences a good level of understanding of data protection legislation and best practice. Our approach is to continuously raise awareness to ensure data protection is embedded within the organisation.
If you have any questions about our compliance with the GDPR, please contact dpo@npw.uk.com.
