GDPR: Communication to Customers


Westfield Health takes the privacy of all customers and those that communicate with us very seriously and as a valued customer, we wanted to give you an update on our preparations for the General Data Protection Regulation (GDPR).

We have put together this brief statement to help you understand what steps we are taking to meet the requirements of GDPR in time for the 25th May 2018 deadline.

GDPR Readiness Project

We are currently undertaking an organisation wide GDPR readiness project which includes:

  • Establishing an internal GDPR steering group, made up of key members of each department to govern and deploy GDPR compliance effectively.
  • Documenting our processing activities including recording the legal basis of processing personal data and special category data throughout the organisation.
  • Reviewing and updating all policies and procedures in accordance with GDPR. In particular, as part of our ISO 27001 certification, we will be reviewing and formalising our data retention policy.
  • Reviewing and redrafting all 3rd Party contracts and agreements where personal data is shared to meet GDPR compliance standards.
  • Reviewing and redrafting all privacy notices to meet GDPR compliance standards.
  • Reviewing consent as a legal basis of processing and ensuring adequate mechanisms are in place to manage consent appropriately and meet GDPR compliance standards.

We will provide further updates and communications in the New Year as we work proactively to ensure that we meet the requirements of GDPR by the 25th May 2018.

You may also receive individual communications in relation to specific aspects of GDPR compliance as they are reviewed or updated.

Any questions

If you have any additional or specific questions please email us at: