The General Data Protection Regulation (GDPR) became legally effective from 25 May 2018 in all EU member states with equivalent legislation in Guernsey. Through a GDPR Regulation Programme managed by CBO, First Central Group (FCG) sought to support all Group companies to comply with the legislation before it came into force, and to put appropriate measures in place to ensure ongoing compliance beyond project close.
CBO’s objectives were to ensure that:
- governance arrangements were put in place so that Group companies are compliant with the GDPR;
- processes and technology were amended so that customer data can be managed in line with GDPR legislation;
- supplier management was enhanced so that third parties using or storing FCG’s customer data do so in line with the legislation;
- the Group’s HR IT systems and practices were developed to enable the management of employee data in line with the legislation; and
- ongoing compliance was assured following completion of the project.
Across the Group, staff are aware of the requirements of GDPR and the organisation is compliant with the legislation, as are all suppliers using or storing customer data. These measures protect the company from the financial and reputational risks of non-compliance.