Latest ICO Information
This PDF is a copy of the ICO's 12 steps towards GDPR
Priscum GDPR Statement
General Data Protection Regulation (GDPR)
The new EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 (including in the UK, regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data. It has introduced new responsibilities, including the need to demonstrate compliance, along with more stringent enforcement and substantially higher penalties than the current Data Protection Act (DPA), which it will supersede.
Priscum Limited places a high priority on protecting and managing data, especially that of its clients and employees, and on ensuring that data:
is protected as it comes into the firm
is held securely whilst in the firm
is subject to access control whilst stored in all systems
is secured when it is sent to a third party where required
is securely destroyed once it is no longer required
We have policies in place that have been updated and reviewed to ensure the requirements of GDPR are addressed.
The following key policies are in place to provide the governance to ensure personal data is handled correctly.
Records Management Policy (incl. Data Retention requirement)
Data Classification Standard
Priscum Limited does not have a Data Privacy Officer; in their place, the Head of Information Risk and Data Protection will be responsible for day-to-day compliance with GDPR and its requirements, with the support of the legal team.
Should you have any further questions regarding this GDPR statement, please contact us on Freephone 01600 483600.
Who does the GDPR apply to?
The GDPR applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the DPA – i.e. the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.
If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR.
However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
The GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.