Purple Lime and The General Data Protection Regulation (GDPR)
This document explains what the GDPR is, how Purple Lime complies with it, and how we continue to improve the protection of the data we hold.
What is GDPR?
- a wide-ranging regulation designed to protect the privacy of individuals in the European Union (EU)
- gives individuals control over how their personal data is processed, including how it’s collected, stored and used
- affects every company in the world that processes personal data about people in the EU
- came into force May 2018
GDPR gives control of personal data to the people who own it, and it compels organisations to make data protection a core part of their operations and processes.
Data Protection Act
In the United Kingdom, we already have laws controlling data protection in the form of the Data Protection Act. When Britain leaves the EU, the principles of GDPR will be written into a revised Data Protection Act, meaning that GDPR criteria will likely apply to UK businesses after Brexit.
How has Purple Lime Prepared?
We have always taken data protection and cyber security seriously. That is why we made obtaining the UK Government-backed Cyber Essentials certification a top priority from day one. We achieved the certification within 4 months of trading and have held it ever since.
Further, we are currently undergoing IASME Gold Certification accreditation. This builds on our strong cyber security controls by broadening their scope to cover our entire organisation's processes. We are independently audited to achieve this accreditation, which will be complete by January 2021.
- We have carried out an Information Audit that documents where the data that we hold on individuals is stored and processed
- We endeavour to only hold data on individuals where it is necessary to carry out our work
- We are ready to answer individuals’ data requests as they occur
“Data Protection by Default”
We have always placed a high emphasis on data protection in everything we do. Indeed, it is explicitly mentioned in our organisation's values, and this culture is carried through our people and systems. All staff have always received cyber security training as standard.
Data Protection Officer
We have appointed a Data Protection Officer (DPO). Our DPO is tasked with monitoring compliance with the GDPR and other data protection laws, our data protection policies, awareness-raising, training, and audits.