DA(S)PL - Completely GDPR compliant
25th May 2018 is when the new European Union data processing laws - known as the EU General Data Protection Regulation (GDPR) - came into force.
GDPR will impose strict controls on how all organisations collect and process personal data within the EU and/or personal data of EU citizens. The UK is expected to enforce the full range of GDPR requirements.
The regulation outlines six key principles for organisations that process individuals’ personal information. These are that data shall be:
• processed lawfully, fairly and transparently
• collected for specified, explicit and legitimate purposes
• adequate, relevant and limited to what is necessary for processing
• accurate and kept up to date
• retained only for as long as necessary
• processed in an appropriate manner to maintain security
What is DA(S)PL doing to prepare for GDPR?
We’re constantly updating the technical and organisational security measures we have in place to protect your data and to assure you that we are fully GDPR compliant.
Under the terms of GDPR, DA(S)PL will collect, store and process personal data (e.g. contact details, email addresses, National Insurance, passport, payroll, PAYE numbers and any other data which may be required).
Here are some of the ways we are ensuring that we’re fully GDPR compliant.
Awareness & accountability
We have a company-wide commitment to ensuring complete compliance with GDPR. Our progress is communicated throughout all departments so that everyone working at DA(S)PL understands what needs to be done and by when.
We have a complete record of what data we hold, where we hold it, where that data comes from and where it potentially goes. This will enable us to keep track of all data and allow us to make the right decisions in making sure that your data is always protected.
We update our Policies to make sure that data received by us is handled with appropriate measures and confidentiality.
Basis and consent
By signing up to DA(S)PL, you are entering into an agreement which gives us a legitimate basis to process the data given to us, in line with GDPR requirements. In other words, for you to benefit fully from using DA(S)PL, we will need to process some of your data.
Under GDPR you have the right to see a full copy of any data we hold about you, and also the right to request that it is fully deleted from our system (although we may be required to keep some records to ensure that you are not contacted in future, or to comply with any legal obligations).
Security is a priority in everything we do while developing and delivering DA(S)PL. We are constantly evaluating potential threats to understand if there is any risk to your data. As potential threats are constantly evolving, we use several technical and organisational measures - which are also continually adapting - to stay ahead of the hackers and scammers.
Professional Indemnity Insurance
We have adequate professional indemnity insurance cover to meet contingencies. Click here to view details.
Information Commissioner's Office (ICO) Registration and jurisdiction
DA(S)PL are based in Croydon, so we ultimately answer to the UK Information Commissioner’s Office (ICO) regarding Data Privacy and Protection. We register annually with the ICO under agreement number Z2316039. See ICO Registry entry here.
Despite all our best efforts, should the unthinkable happen and we suffer a significant data breach that puts your personal data at risk, we have a legal duty to report this to the ICO within 72 hours of discovery. We are updating our internal Policy and Procedures to include mandatory notification requirements, both with the ICO and publicly with you, our customers.
Maintaining your privacy is a key priority to us. You can rest assured that we have your best interests at heart.
If you ever want to contact us about GDPR, data protection or how we handle your data in general, please feel free to drop an email to Pinkal Shah firstname.lastname@example.org. We will get back to you as soon as possible.
This statement will be revised on a continual basis as data security regulations change, and where DA(S)PL expands its service offerings so that it is required to hold more of your personal data. We will also revise this based on clients' feedback and experiences in working with DA(S)PL to ensure we are always ahead of your expectations regarding data privacy and security.