Notification of Appointment of our Data Protection Officer
HRLocker is delighted to announce the appointment of Phil Byrne as our Data Protection Officer (DPO). Phil is an experienced practicing certification auditor for ISO 27001 (ISMS) and consults widely with organisations on the implementation of formal management systems to meet the detailed objectives of GDPR within the ISO Management Systems framework.
Phil has had a pivotal role in HRLocker’s preparation for its obligations under GDPR, working with our management team on the organisation’s Internal Audit Programme (IAP). All systems and processes have been risk assessed to identify potential vulnerabilities and ensure that appropriate mitigations have been implemented and subsequently tested for suitability and effectiveness.
As part of his role as DPO, Phil is responsible for the planning of the HRLocker IAP to ensure that all systems and processes are audited to a very high standard with regard to data protection. All internal audits include:
- Evaluation of risk assessments and risk treatments
- Review of reported incidents and breaches where they have occurred
- Evaluation of the effectiveness of the training of personnel
- Opportunities for improvement
In order to fulfil his role, Phil reviews all internal audit reports with the audit team to ensure that good auditing practice is demonstrated. Where appropriate, Phil has the authority to give direction on specific actions and corrective actions, which may be required for HRLocker to continually meet its obligations under GDPR.
The DPO role is further resourced through HRLocker’s quarterly management review, where the management team discuss issues and aspects relevant to GDPR as a fixed agenda item. In addition to participation in this meeting, Phil remains available to management at both Board and Department level to provide advice and guidance on HRLocker’s data protection objectives across the organisation.
Demonstrating Conformance to GDPR
HRLocker has implemented its management system to meet the requirements of ISO 27001:2013, which serves as the framework for managing our GDPR obligations.
Contacting the DPO
HRLocker acts as both Data Controller and Data Processor for various categories of data, including personal data. This involves data subjects who are both internal and external to the organisation.
Applications are accepted from HRLocker’s interested parties on GDPR-related aspects, including:
- Reporting of breaches, including suspected breaches, of information security controls which may involve personal data
- To draw the organisation’s attention to any failure to comply with the applicable data protection rules
- To make a Data Subject Request, where HRLocker has the applicant’s data stored and/or processed within the organisation
To ensure that independence is maintained with regard to the protection of organisational data, Phil Byrne can be contacted directly and in confidence, by sending your query to DPO@enable-iso.com.