Codex Appoints a Data Protection Officer
Notification of Appointment of our Data Protection Officer
Codex Office Solutions is delighted to announce the appointment of Phil Byrne as our Data Protection Officer (DPO). Phil is an experienced practising certification auditor for ISO 27001 (ISMS) and consults widely with organizations on the implementation of formal management systems to meet the detailed objectives of GDPR within the ISO Management Systems framework.
Phil has had a pivotal role in Codex’s preparation for its obligations under GDPR, by working with our management team on the organization’s Internal Audit Programme (IAP). All systems and processes have been risk assessed to identify potential vulnerabilities and ensure that appropriate mitigations have been implemented and subsequently tested for suitability and effectiveness.
As part of his role as DPO, Phil is responsible for the planning of the Codex IAP to ensure that all systems and processes are audited to a very high standard with regard to data protection. All internal audits include:
- Evaluation of risk assessments and risk treatments
- Review of reported incidents and breaches where they have occurred
- Evaluation of the effectiveness of the training of personnel
- Opportunities for improvement
In order to fulfil his role, Phil reviews all internal audit reports with the audit team to ensure that good auditing practice is demonstrated. Where appropriate, Phil has the authority to give direction on specific actions and corrective actions, which may be required for Codex to continually meet its obligations under GDPR.
The DPO role is further resourced through Codex’s quarterly management review, where the management team discuss issues and aspects relevant to GDPR as a fixed agenda item. In addition to participation in this meeting, Phil remains available to management at both Board and Department level to provide advice and guidance on Codex’s data protection objectives across the organization.
Demonstrating Conformance to GDPR
Codex has implemented its management system to meet the requirements of ISO 27001:2013, which has been verified through independent assessment by an accredited Certification Body.
Contacting the DPO
Codex acts as both Data Controller and Data Processor for various categories of data, including personal data. This involves data subjects which are both internal and external to the organization.
Applications are accepted from Codex’s interested parties on GDPR-related aspects, including:
- Reporting of breaches, including suspected breaches, to information security controls which may involve personal data,
- To draw the organization’s attention to any failure to comply with the applicable data protection rules,
- To make a Data Subject Request, where Codex has the applicant’s data stored and/or processed within the organization,
- To request a copy of Codex’s ISO 27001 Certificate, dependent on the status of the applicant.
To ensure that independence is maintained with regard to the protection of organizational data, Phil Byrne can be contacted directly and in confidence, by sending your query to [email protected]