GDPR - Data Protection Act (DPA) 2018 replaces the DPA 1998. It has been amended to incorporate the GDPR Guidelines, to keep us in line with Europe. The Act places greater obligations on organisations like us to handle data responsibly. It came into effect on 25 May 2018.
The GDPR applies to ‘personal data’, which means any information relating to an individual who could be directly or indirectly identified in particular by reference to an identifier. For example, a person whose name, in combination with a location or member number makes them more identifiable.
The GDPR applies to processing of data or information carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
We are working with daily transactional files for financial companies, electoral roll files and highly sensitive debt recovery files. However, all data is processed in the same way using the same controls, irrespective of the customer or industry sector.
We continue to work with BSI via on site audits to review and continually improve our systems, reducing risk where possible whilst maintaining lead times expected by our clients.