Our business revolves around data, and we process personal data appropriately and securely as part of our services. It is the core of our business and it’s imperative that our customers have confidence in us. Our strategy aims for Graydon to be a trusted and reliable business partner, with accountability and transparency two of our values.
As a result, ahead of the implementation of the GDPR today, on Friday 25th May, we have ensured that we are compliant. The steps we've taken, some frequently-asked-questions, and our responsibilities under the new regulation, are available on our website.
First and foremost, we have updated our privacy statement, explained how we approach privacy, how we use, store and protect personal data that Graydon holds. See all the details below:
Interested in the legal basis? We've outlined our positioning on GDPR, and described how our activities qualify under the six legitimate grounds for processing personal data in our positioning paper below:
Whilst it is important to achieve compliance with GDPR by 25th May 2018, the GDPR project is just a starting point for continuous compliance beyond that date. Maintaining compliance and further promoting careful use of data are crucial to Graydon’s position and activities. Monitoring and audits will therefore continue to take place after 25 May. Procedures are regularly evaluated, and our DPO will monitor compliance with the GDPR internally. Finally, all of our employees are aware and have been trained accordingly - Graydon's teams are up-to-date with GDPR!