GDPR Compliance Statement
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It is enforceable immediately and requires no enabling legislation, so it automatically becomes binding and applicable.
The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects.
The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
We comply with the GDPR as a processor and controller of data and have in place a programme of works that delivers what the legislation requires. This will involve working with our suppliers and partner organisations to ensure they meet these obligations.
We aim to deliver best practice in compliance and our programme comprises the following areas:
- Customer Contracts: our Services Agreement already addresses GDPR compliance.
- Data Impact Assessments and Data Inventory: we are already undertaking a systematic review of the data we store, manage, maintain, collect, process and control. This includes offline storage and paper records. Assessments of the data will review information flow, any data transfers, risk reviews, and structural position in relation to Lawfulness, Purpose, Minimisation, Accuracy, Consent, Limitation, Integrity and Confidentiality, Record Keeping and Accountability.
- Training and Awareness: we will train all staff on the GDPR and its impact on the policies, procedures and responsibilities of staff and stakeholders in this regime.
- Supplier and Partner relationships: where relevant and related, we will use all reasonable endeavours to ensure that third parties and suppliers are complying with the GDPR.
- Technology: we will constantly review our technology platforms to analyse their operation, security and compliance, in order to ensure that they meet the standards we have laid down and to identify any gaps and risks.
Our Security Officer and Senior Management Team will continue to monitor the programme.