Lucy Finlayson, Business Services Lead
Coming into force on Friday 25 May 2018, the General Data Protection Regulation (GDPR) will impose strict controls on how all organisations collect and process personal data within the EU and/or personal data of EU citizens. The regulation outlines six key principles for organisations that process personal information. These are that data shall be:
- processed lawfully, fairly and transparently
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary for processing
- accurate and kept up to date
- retained only for as long as necessary
- processed in an appropriate manner to maintain security.
We’re working hard to ensure we’ll be fully compliant with GDPR when it comes into force. Here are some of the ways we are making sure of that by the May 25 deadline:
We’re working with our parent company, Nova Systems, to undertake an extensive audit to clearly document what data we hold, where we hold it, where it comes from and under what legal basis, and where it potentially goes. This will enable us to keep track of all data and make the right decisions to ensure that your data is always protected.
Two10degrees registers annually with the UK Information Commissioner’s Office (ICO) regarding data privacy and protection. Our agreement number is Z9290267.
We’re updating our policies so that you will know how, why, where and for how long we may be processing and holding your data. We’ll also let you know what to do if you think we can make some improvements!
Our team are fully aware of their responsibilities under the GDPR, including data breach and data collection procedures. They receive regular updates and training on our GDPR compliance journey.
By signing up to our services you may be entering into an agreement which gives us a legitimate basis to hold and process your data, in line with GDPR requirements. We will, however, require your specific consent to send you (non-spammy) marketing – it will be simple and obvious how you can subscribe and unsubscribe from our communications.
two10degrees will be as open as it can be in terms of giving people access to their own personal information. The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
We follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access.
If you’d like more information on our GDPR compliance, please feel free to email us at firstname.lastname@example.org and somebody will get back to you as soon as possible.
This statement was produced on 28 March 2018. The statement may change from time to time and if it does, we’ll post the new version here on our website.