The General Data Protection Regulation (GDPR) affects any organisation that operates in the EU or holds personal data about EU citizens. It will also give citizens additional rights over how their data is collected and used.
In the UK, the GDPR can be seen as the guiding legislation for the UK Data Protection Act 2018, within which the GDPR “derogations” allow the UK to make provisions for its application in the national context, for example in the area of law enforcement.
The GDPR imposes some new rules on companies that hold data, or seek to obtain data, about EU residents. So, for example, data controllers and processors are required to obtain “explicit consent” to collect and use personal data – as opposed to relying on silence or pre-ticked boxes – while meeting new levels of confidentiality, integrity and availability of the personal data they hold.
To ensure that SDA meets these high standards, it has been formally audited against - and has met - the requirements of the international standard ISO/IEC 27001:2013 Information Security Management System specification, certificate number 088, as well as those of UK Cyber Essentials, certificate number 3696603184139258.
SDA has also audited its administrative and technical data processing procedures to ensure that they comply with the fundamental principles of the GDPR.
Together, these demonstrate how we adhere to stringent processes for keeping our and our customers’ data secure.
Each business operating in the EU is affected by the GDPR. All citizens will have some enhanced rights with regard to their personal data. The UK has embraced this and will enshrine the majority of its requirements in the Data Protection Act 2018, though there are national derogations which allow its application in the national context.
How does this affect me?
Data in your SDA system are already secure and stored so as to comply with the GDPR. We have amended our agreements to ensure that they encompass the GDPR principles. Any new agreements that we make will, of course, already be GDPR compliant.
SDA’s systems have been supporting our clients’ Data Protection obligations for many years and will continue to do so under the GDPR and the Data Protection Act 2018.
Your data is: