At NQA, we take our data protection responsibilities very seriously. Over the past few months, we have been taking various steps to prepare for compliance with the EU General Data Protection Regulation (known as the GDPR).
NQA is a controller over the personal information that we use in the delivery of professional certification and training services. This is based on the fact that we make our own independent decisions as to what personal information we need in order to deliver these services, and we decide what happens to this information.
In particular, we decide on how personal information is used in the context of delivering audits and when deciding upon certification, in accordance with the standards imposed by Accreditation and Regulatory Bodies (e.g. UKAS, IATF and IECQ), Guidance from the UK Information Commissioner's Office (or ICO) also confirms that professional service firms - including auditors - will be controllers rather than processors of any personal information they use in the delivery of services.
More information about how NQA uses personal information in its role as a controller is available in our updated Privacy Notice.
In addition to updating our Privacy Notice, we have also been taking the following steps to work towards compliance with the GDPR:
we have appointed an internal data protection officer, who will be responsible for advising us on data protection matters on an ongoing basis
we have updated and renewed our registrations with the ICO
we have conducted an internal audit of our use of personal information, to better understand our data flows and assess our legal basis for using personal information
we have reviewed our existing processes and procedures for handling personal information
we have updated our information security systems
we are training all members of staff on data protection and GDPR
The way we operate our InTouch newsletter will not change substantially. Subscribers have always had, and will retain, full control over whether or not they wish to continue receiving our InTouch newsletter.
We will continue to only issue this newsletter to our contacts who have signed up (or opted-in) to receive InTouch, and subscribers can unsubscribe at any time.
If you have any queries about this statement, or our approach to data protection matters, please contact our data protection officer at: firstname.lastname@example.org.