GDPR COMPLIANCE STATEMENT
In preparation for the General Data Protection Regulation (GDPR) which comes into force in the UK (and across the EU) on 25 May 2018. The GDPR, which will replace the Data Protection Directive (95/46/EC), aims to strengthen the security and protection of personal data. This document is not a legal document but an indication of how Senitor Associates intends to meet its responsibilities under the GDPR.
Senitor Associates — GDPR Compliance
Senitor Associates is committed to the principles inherent in the GDPR and particularly to the concepts of privacy by design, the right to be forgotten, consent and a risk-based approach. In addition, we aim to ensure:
Our Data Compliance Officer (DCO)/appointed data compliance person is Aaron Parker. He works with a data protection team to promote awareness of the GDPR throughout the organisation and to oversee the organisation's commitment to best practice. He will inform and advise the organisation and monitor its compliance.
Our data protection policy is available on our website and a copy has been made available to all employees and to contractors and suppliers associated with this organisation. It forms part of the induction training of all new staff and follow-up sessions will be put in place if the legislation changes or further guidance is available.
Right to be forgotten
Senitor Associates recognises the right to erasure, also known as the right to be forgotten, laid down in the GDPR. Individuals should contact the Data Compliance Officer, Aaron Parker email@example.com with requests for the deletion or removal of personal data. These will be acted on provided there is no compelling reason for continued processing and that the exemptions set out in the GDPR do not apply. These exemptions include where the personal data is processed for the exercise or defence of legal claims and to comply with a legal obligation for the performance of a public interest task or exercise of official authority.
Subject access requests
Senitor Associates recognises that individuals have the right to access their personal data and supplementary information and will comply with the one month timeframe for responses set down in the GDPR. As a general rule, a copy of the requested information will be provided free of charge although Senitor Associates reserves the right to charge a "reasonable fee" when a request is manifestly unfounded or excessive, particularly if it is repetitive. If this proves necessary, the person concerned will be informed of their right to contest our decision with the supervisory authority (the Information Commissioner's Office (ICO)).
As set out in the GDPR, any fee will be notified in advance and will be based on the administrative cost of providing the information.
Senitor Associates will implement data protection "by design and by default", as required by the GDPR. Safeguards will be built into products and services from the earliest stage of development and privacy-friendly default settings will be the norm. The privacy notice, which is on our website and which is provided to anyone from whom we collect data, explains our lawful basis for processing the data and gives the data retention periods. It makes clear that individuals have a right to complain to the ICO. Senitor Associates has conducted a privacy impact assessment (PIA) to ensure that privacy risks have been properly considered and addressed.
Data transfers outside the EU
Senitor Associates does not transfer personal data outside the EU unless there is a specific legal obligation and where said company complies with EU-US Privacy Shield.
If a data breach occurs that is likely to result in a risk to the rights and freedoms of individuals, the people affected will be informed as soon as possible and the ICO will be notified within 72 hours.
Any questions related to GDPR or to issues concerning data protection generally should initially be addressed to the Data Compliance Officer Aaron Parker firstname.lastname@example.org.