Introduction
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU) and will be enforceable from May 25 2018 and requires no enabling legislation so automatically becomes binding and applicable on that date.
The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects.
The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
What are we doing to ensure compliance?
We are committed to protecting and respecting the privacy of individuals, and take our obligations under data protection legislation seriously. We understand and welcome the high standards that GDPR will promote and encourage across the whole industry.
In order to ensure that we were ready for GDPR, our employees have been briefed on the changes and 3rd party partners are also fully aware of the new obligations that GDPR introduced.
- We will process all personal data fairly and lawfully.
- We will only process personal data for specified and lawful purposes.
- We will endeavour to hold relevant and accurate personal data, and where practical, we will keep this up to date.
- We will not retain personal data for longer than is necessary.
- We will keep all personal data secure.
- We will endeavour to ensure that personal data is not transferred to countries outside of the European Economic Area (‘EEA’) without adequate protection.