On
25 May 2018 the new EU General Data Protection Regulation (GDPR) came into force
and this includes the United Kingdom regardless of its decision to leave the EU.
In
simple terms, individuals will now have greater say over how, why, where and
when their personal data is gathered, processed and disposed of. Any
organisation that works with EU residents' personal data in any manner,
irrespective of location, has obligations to protect the data.
If you hold and process personal information about clients, staff or suppliers, you are legally obliged to protect that information.
Blucar Solutions Ltd has always honoured our customers’ right to data privacy and protection.
We have demonstrated our commitment by adhering to the current UK Data Protection policy, and now we have revised our own internal policies in order to meet the requirements of the GDPR as both a controller and processor of data.
· Blucar Solutions Ltd is registered with the ICO.
· All staff are trained on induction and every two years (or sooner if there is a major change in legislation).
· We have a privacy notice and cookie policy on our website, giving details of what data we collect and how we process it.
· No personal data is transferred outside of the EU.
· All storage is secure.
· We have a Data Asset Register for our own internal control procedures.
· We have a notification process in place for any data breach.
· We have a data retention policy.
· We have a right to erasure process. Please contact Dave Briggs at dave@blucar.co.uk if you wish your personal data to be deleted.
When processing the data, we undertake to:
· Only collect information that we need for a specific purpose
· Ensure it is relevant and up to date
· Only hold as much as we need, and only for as long as we need it
· Allow the subject of the information to see it on request
· Keep it secure
