FOI request detail

GDPR

Request ID: FOI-1928-1819
Date published: 19 November 2018

You asked

1. Do you plan on investing in technology specifically to comply with GDPR in the next 12 months? o Yes o No

2. Have you implemented information security network(s)? Have those networks been updated to take account of GDPR? o Yes o No

3. Nearly six months after GDPR has come into effect, have you completed an assessment and validation with all third-party organisations you work with regarding GDPR compliance? o Yes o No

4. Do you monitor the compliance of all the third-party organisations you work against your information security? o Yes o No

5. Under the new rules, have you completed an audit to identify all files or databases that include personally identifiable information (PII) within your organisation? o Yes o No

6. Have the employees in your organisation received training on data protection and other relevant law? o Yes o No

We answered

TfL Ref: FOI-1928-1819

Thank you for your request received by Transport for London (TfL) on 28 October 2018.

Your request has been processed in accordance with the requirements of the Freedom of Information Act and our information access policy. I can confirm we do hold some of the information you requested. You asked:

1. Do you plan on investing in technology specifically to comply with GDPR in the next 12 months?

We do plan on investing in technology to comply with GDPR in the next 12 months.

2. Have you implemented information security network(s)? Have those networks been updated to take account of GDPR?

Our security networks are constantly being updated and the need for security predates GDPR.

3. Nearly six months after GDPR has come into effect, have you completed an assessment and validation with all third-party organisations you work with regarding GDPR compliance?

Contract variations have been sent to data processors where appropriate but many third parties that we work with are not data processors.

4. Do you monitor the compliance of all the third-party organisations you work against your information security?

It is unclear what is being asked, however please see the response to question 3.

5. Under the new rules, have you completed an audit to identify all files or databases that include personally identifiable information (PII) within your organisation?

We have undertaken a data mapping exercise. However we do not consider that this is a task that is ever likely to be complete as it relates to the maintenance of a live record.

6. Have the employees in your organisation received training on data protection and other relevant law?

TfL employees have received training on data protection. However we would require you to specify which other laws you consider relevant?

Please see the attached information sheet for details of your right to appeal.

Yours sincerely,

Melissa Nichols

FOI Case Officer

FOI Case Management Team

General Counsel

Transport for London
