The UK General Data Protection Regulation (UK GDPR) sets out the standards that organizations in the UK must follow, and it is tailored from the Data Protection Act 2018. The regulation provides guidelines on data protection and the privacy of individual data subjects. At C&R, we comply with the GDPR and maintain technical and organizational measures for processing activities involving personal data. Our GDPR compliance is monitored by DataGuard, our DPO.
C&R Objectives - GDPR
- Maintaining data protection and privacy of data subjects
- Compliance with the UK GDPR
- Following the lawful bases for processing personal data
C&R Strategies - GDPR
- Engaging a DPO to provide guidance on data protection laws
- Data security measures during transmission and processing of personal data
- Maintaining relevant policies, documentation and agreements
GDPR Controls & Practices
- Accountability under the GDPR by demonstrating the required technical and organizational measures
- Maintaining the record of processing activities and keeping it continuously updated
- Written contracts to ensure lawful bases of processing with proper consent
- Using a Data Protection Agreement wherever applicable
- Applying appropriate safeguards for cross-border transfers, such as a TRA or IDTA
- Requesting the data only for the intended purpose as agreed with the Controller
- Maintaining a retention policy in compliance with the legal requirements of the UK
- GDPR security awareness provided to all employees, contractors and vendors
- Review of C&R processes by the DPO (DataGuard) and implementation of its recommendations on a regular basis
- Registration with the Information Commissioner’s Office (ICO)
- BCP in place to handle any major disruptions