The UK General Data Protection Regulation (UK GDPR) contains the list of standards to be followed by the organizations in the UK and it is tailored from Data Protection Act, 2018. This regulation provides the guidelines on data protection and privacy of Individual data subjects. We at C&R comply to the regulations of GDPR and maintain the Technical and Organizational Measures for carrying out processing activities involving personal data. Our GDPR compliance is monitored by DataGuard, our DPO.

C&R Objectives - GDPR

Maintaining Data Protection and Privacy of Data Subject

Compliance to the UK GDPR

Follow the lawful bases of processing personal data

C&R Strategies - GDPR

Engaging a DPO to provide guidance on data protection laws

Data security measures while transmission and processing of personal data

Maintain relevant policies, documentation and agreements

GDPR Controls & Practices

  • Accountability to GDPR by demonstrating required technical and organizational measures
  • Maintenance of the record of processing activities and continuously updating them
  • Written contracts to ensure lawful bases of processing with proper consent
  • Using of Data Protection Agreement wherever applicable
  • Applying appropriate safeguards for cross-border transfers like TRA or IDTA
  • Requesting the data only for the intended purpose as agreed with the Controller
  • Maintaining retention policy in compliance to the legal requirements of the UK
  • GDPR security awareness provided to all the employees/contractors/vendors
  • Review of C&R processes by the DPO (DataGuard) and implementing recommendations on regular basis
  • Registration with Information Commissioner’s Office (ICO). Click Here
  • BCP in place to handle any major disruptions

Need to know more?