Statement of Intent: Introduction
This statement sets out Cox & Co. Payroll Solutions Ltd.’s proposed approach to ensure the business is compliant, secure and has effective systems in place to meet the GDPR regulatory changes in May 2018.
Existing Data Protection Policy
The existing Cox & Co. Data Protection policy will continue to underpin compliance during the GDPR project timeline. All practices and processes will remain in effect unless and until they are replaced by revised policies and procedures.
The existing Data Protection policy, procedures and documentation in situ meet upcoming GDPR requirements and regulations.
Changes to current Data Protection Policy
To ensure continued compliance, policies and procedures will be revised as part of our embedded security-by-design approach.
GDPR Project Plan: Issued 13th July 2017
The framework of the GDPR project is set to ensure that Cox & Co. adheres to the new regulations by 1st January 2018. In addition to this itinerary, planned improvements have been scheduled.
GDPR implementation and system change timeline
In July 2017, we completed our GDPR Data Impact Assessment and Data Asset Register/Risk Assessment.
The assessment identified improvements that would help both the client (Data Controller) and Cox & Co. (Data Processor) to improve security further.
These will be:
- Encrypted email
- Password protected documentation
- Implementation of two-factor authentication on Client Portal
- Data exchange via Client Portal only
Timeline of Improvement Measures
|Subject||Description||Action required||Implementation from|
|Data Impact Assessment||GDPR Project commenced||July 2017|
|Policy review||Policy written||GDPR Statement of Intent||July 2017|
|Policy review||Policy written||Fair Processing Notice||July 2017|
|Policy review||Policy written||Retention of Records||July 2017|
|Policy review||Policy written||Access Control||July 2017|
|Communication||Communicate to clients GDPR Statement of Intent||Statement of intent published and issued||9th October 2017|
|Encrypted email exchange||MS 365 exchange upgrade||30th October 2017|
|Encrypted email exchange||Formal notice provided to clients||6th November 2017|
|Password protect attached payroll documents||Formal notice provided to clients||6th November 2017|
|Client Hub||SharePoint migration||In-house software Training (1st)||24th October 2017|
|Client Hub||SharePoint migration||In-house software Training (2nd)||TBC|
|Encrypted email exchange||Enforce exchange using encryption||1st January 2018|
|Password protect attached payroll documents||Enforce password protection on all document exchanges||1st January 2018|
|Client Hub||SharePoint migration||Project commence||1st January 2018|
|Client Hub||Two Factor Authentication||Testing||5th February 2018|
|Client Hub||SharePoint migration||Formal notice provided to clients/training||30th March 2018|
|Client Hub||SharePoint migration||Migration complete||30th March 2018|
|Client Hub||SharePoint migration||Helpdesk & support||30th March 2018|
|GDPR Project complete||30th March 2018|
Document Owner and Approval
The Data Protection Officer/GDPR Owner is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the GDPR. A current version of this document is available to members of Cox & Co. Payroll Solutions Ltd staff, and to employees of the businesses that it is contracted to for outsourced payroll services, by emailing firstname.lastname@example.org.
This procedure was approved by the Director (Stephen Cox) of Cox & Co. Payroll Solutions Ltd and is issued on a version-controlled basis under his signature.
Change History Record
|Issue||Description of Change||Approval||Date of Issue|
|1||Initial issue||Steve Cox||19/09/17|