What is the GDPR?

The General Data Protection Regulation (GDPR) comes into force on 25 May 2018.

The GDPR will automatically become law in all 28 Member States of the European Union (EU).

The aims of the GDPR are to:

• Harmonise data privacy laws across the EU;

• Modernise data privacy laws in the light of technological change;

• Enhancement the rights of individuals;

• Increase the accountability requirements and obligations for data controllers and data processors; and ensure better records and evidence of compliance with data protection legislation and more transparency as to how data is used, by whom it is used and for what.

The GDPR applies to businesses (whether in the EU or not) that are processing the personal data of individuals in the EU including the personal data of customers and employees.

What is SourceBreaker doing about the GDPR?

SourceBreaker processes personal data both as a controller and as a processor and we take our obligations under the GDPR very seriously. In order to prepare for the new regime we have undertaken a programme of activities including:

• A review of our data processing activities;

• An assessment of data security;

• Updates to our training, policies and procedures. Click here to read our updated privacy and cookies policy;

• Ensuring that appropriate terms are in place with all of our data processors and sub-processors;

What are SourceBreaker’s commitments to customers and data subjects?

SourceBreaker is committed to complying with the requirements of the GDPR in practice this means that we are committed to do the following when we are processing data for our clients:

(a) We only process personal data, for which you are responsible, at your request, in accordance with the agreement we have with you, or as required by law;

(b) We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing;

(c) We take all reasonable steps to ensure that only authorised personnel with suitable training have access to the personal data;

(d) We will only engage sub-processors to assist in the performance of the services we deliver to you, with your consent. We will hold sub-processors to terms no less onerous than these commitments made to you;

(e) We will not deliberately do anything to place you in breach of the GDPR and will tell you if your instructions run contrary to what the GDPR permits;

(f) We will assist you to fulfill any requests received by data subjects (individuals) to exercise their rights or any regulator requests;

(g) We will inform you straight away of any breach or suspected breach that might compromise your data or put it at risk;

(h) Where we need to transfer personal data out of the EEA, we will do so subject to appropriate legal safeguards.

The above list is not exhaustive and SourceBreaker is committed to meeting all of its obligations to you and under the GDPR.

If you have any questions about our approach to data privacy or our use of your personal data please contact gdpr@sourcebreaker.com and we will be happy to discuss with you further.