P & I and the GDPR

P-&-I-and-the-GDPR

Below, we have put together a number of questions along with answers about P & I and the General Data Protection Regulation (GDPR).

 

How do P & I know where they store my data?

In preparation for the GDPR, every department completed a data audit. This allowed us to understand all the location that we store data and gave us the opportunity to do a ‘spring clean’ of these locations.

 

I understand that P & I may need to share my details with their suppliers for orders to be processed, but how do I know that my data is safe?

We are currently working with our suppliers to ensure that they are GDPR compliant. Each supplier must provide us with evidence that they comply with GDPR, if they don’t – it’s simple – we will not continue to use them. This is our commitment to ensuring your data is safe and secure.

 

Do P & I have a Data Protection Officer (DPO)?

Under the GDPR, P & I are not required to have a DPO. However, we have created a GDPR team who have been responsible for implementing the new regulation and will continue to be the point of contact for anything relating to the GDPR.

 

Is it just the GDPR team who know what’s going on with the GDPR?

No, all of our staff have received training in regard to the GDPR, this includes both our office staff and our field engineers.

 

What do I do if I want to know what information P & I hold about me?

If you would like to know what personal data we hold about you, you will need to make a written request to us. Under the new regulation, we are required to respond to your request within 30 days and at no cost to you. Within the timeframe given to us, we will respond and let you know all the locations we hold your personal data. However, if we do not hold any personal data about you, we will also let you know.

All requests can be sent to  gdpr@pandigroup.co.uk

 

What do I do if I want P & I to delete all personal data they hold on me?

It’s the same as above, you will need to send a request to us for your personal data to be deleted. We will acknowledge your request and let you know as soon as this has been actioned. If we are unable to remove your personal data for legal reasons, we will let you know why this is the case.

For example, all invoices must be kept for 6 years from the end of our last financial year they relate to. The law regarding this overrules the GDPR and allows us to process such data.

However, where possible, we will attempt to redact/anonymise your personal data, as long as the law accompanying the reason for us keeping the personal data allows it.

 

Where can I find, in detail, how P & I process data?

In preparation for the GDPR, we have reviewed and adjusted our Privacy Notice. You can visit the link to find out more about how and why P & I process data.

For any enquiries regarding P & I and GDPR, please email us on gdpr@pandigroup.co.uk and we will be more than happy to help.