GDPR tightens Data Protection rules for data controllers and data processors in handling personal information and directly enforceable obligations are imposed on them.

The GDPR also requires that clauses are built into contracts between controllers and processors. ("C2P Clauses"). It alters the rules regarding obtaining consent, and places accountability on firms to ensure they are treating data subjects in a fair and transparent manner. Data policies and statements will need to be granular and clear, and not blurred by complex and technical language.

IFAC take the steps to GDPR seriously and have designed an interactive course for members and non-members alike with a dedicated microsite for compliant data-harvesting and staff awareness.

We will steer your company to GDPR awareness, data cleansing and processes implementation that follow the relevant data privacy regulations

If you decide to use IFAC's GDPR suite of services, we will

• Ensure that staff and representatives are provided with regular training on data protection principles and their application in practice.
• Ensure that your firm is given complete guidance to storing all personal data in a compliant manner and ensure that going forward you have processes transparent in the handling of that data.
• Recommend sample wording for website, agreements, consents, and policies that reflect the GDPR.
• Assist in the review 3^rd party contracts.

Bespoke Training sessions are ongoing, please email gdpr@ifac.eu or call 01242 807010.