- As you may know, the new General Data Protection Regulation (GDPR) will apply from 25 May 2018. The GDPR is a European Union law that strengthens and unifies data protection for individuals. We have also set out below some of the key steps we are taking, which will provide you with further benefits and transparency in relation to how we process our clients data.
- We will implement technical and organisational measures to ensure that we meet all the requirements of the GDPR including the appropriate level of security of the personal data we process for you. Our sub-processors will also process personal data in accordance with those measures.
Notification and consultation
- We will provide you with all reasonable assistance to comply with Articles 32 to 36 GDPR (Security of personal data and Data Protection Impact Assessments), taking into account the data we process and the information available to us. Such assistance shall mean responding to questionnaires or providing information on request.
Contracting and audit
- We shall provide you with a contract appendix setting out all of our obligations as a processor and your rights as a controller. These include right to audit and to respond to any reasonable enquiries as to how we process personal data and comply with the GDPR. We shall also ensure that our sub-processors will process personal data in accordance with these obligations.
- We shall provide contact details for the sub-processors we use to process your customers’ personal data. All our sub-processors, contractors and employees have committed to keep your data confidential. this list will be updated with changes in the sub-contractors we use going forward.
- If you have any questions, please contact Ciptex on 0345 8800 808