The 1995 EU Data Protection Directive (European Directive 95/46/EC) will be replaced by the EU General Data Protection Regulation (GDPR), taking effect on 25th May 2018. GDPR will strengthen the rights that EU individuals have over their data and how it is used. GDPR will create a uniform data protection law across Europe and will continue to be applicable even after the UK’s exit from the European Union. This legislation, although not currently finalised, will introduce new responsibilities, specifically including the requirement to demonstrate compliance. Compared with the current Data Protection Act (DPA), enforcement of GDPR will be more stringent and penalties for breach will be substantially increased.
X3 Consulting will comply with applicable GDPR regulations as a data controller and processor. X3 Consulting is committed to the highest standards of information security, privacy and transparency. X3 Consulting places a high priority on protecting and managing data in accordance with accepted standards and legislative requirements.
All X3 Consulting staff are made familiar with GDPR requirements and their personal responsibilities with regard to this legislation. All staff are trained on induction on their responsibilities, as agreed within the Employee Handbook. An annual security audit takes place (with a review of X3 Consulting’s security policy) to ensure compliance with changes in legislation, with appropriate accompanying training of staff.
X3 Consulting has a privacy notice which informs people both inside and outside of our organisation about what we do with their personal data; this is available on the website within the terms and conditions section. X3 Consulting has a process to manage ‘right to erasure’ requests. Anyone who wishes for their records held by X3 Consulting to be erased can communicate this via the contact us page or via the account management channel.
X3 Consulting does not directly process sensitive information. We may process information on behalf of a client if contracted to do so. This would be subject to appropriate privacy controls, and data is not retained beyond the scope required. All storage and transmission methods used by X3 Consulting are secure and X3 Consulting will ensure that our suppliers have GDPR procedures in place. A complete review of supplier compliance is currently underway.
When processing data, X3 Consulting undertakes the following objectives:
– Data is processed in a lawful, fair and transparent manner,
– Data is only collected for a specific purpose,
– The data possessed is necessary for said purpose,
– The data is accurate and will be maintained,
– Data is kept for no longer than necessary and is destroyed securely,
– Data is kept and transmitted in a secure fashion,
– No personal data is transferred outside of the EU,
– There is a notification process in place for any breach.