GDPR Policy

What is GDPR?

The General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and is the most significant change to data privacy regulation in 20 years.

The aim of the GDPR is to enhance the protection of EU citizens in an increasingly data-driven world that is vastly different from the time when the previous 1995 directive (DPD) was implemented in the UK, via the Data Protection Act 1998.

Although the main concept and key principles of data privacy and security are much the same as the previous directive, several enhancements have been made to further protect data subjects and increase the obligations of those who collect or process personal data.

The key points of the GDPR are as follows:

  • Consent - Individuals have control over their data and how this may be used.
  • Right to Access – Data must be provided upon request, within the newly reduced timeframe of 1 month.
  • Control – Data subjects are entitle to have inaccuracies in data held about them corrected.
  • Right to be Forgotten – If requested, processes must be in place to delete all data held about a data subject.
  • Data Portability – Individuals have the right to request data is moved from one data controller to another.
  • Privacy – Data controllers must ensure that all processes & systems adhere to the key pillars of GDPR. For example, that all data is deleted upon request.
  • Transparency – It will be compulsory to notify both the data protection authority and data subjects of a data breach within 72 hours.
  • Non-Compliance Fines – Severe penalties of up to 4% of turnover or 20m Euros depending upon the nature of the violation.

Our preparation for GDPR

Boxx Communications is committed to GDPR compliance. Operating in an already tightly regulated industry means that we are confident our processes will adhere to the new regulations. We have been working hard to achieve this by making sure our staff are well informed, by completing an audit of the data we currently hold and reviewing our processes to ensure that we are meeting the criteria set out to us.

Post 25th May 2018 we will continue to monitor our procedures to ensure we remain compliant.