When it comes to compliance we do exactly as we’re told.

For your reassurance, here’s how we’re complying with the ICO’s GDPR guidelines.

• • Awareness – we’ve informed everyone within our business about the changes GDPR brings and what it means to us and our customers.


• • Information we hold – we’ve carried out a comprehensive information audit of our data estate and rigorously documented the personal data we control and process.


• • Communicating privacy information – we’ve reviewed our Privacy Policy and other data protection standards,and are putting the necessary changes in place before GDPR comes into effect on 25 May 2018.


• • Individuals’ rights – procedures are already in place to cover individuals’ rights and are being updated in line with the new regulation. This includes how we delete or provide personal data electronically to you if requested (in a commonly used format) as laid out by the ICO.


• • Subject access requests – procedures to handle requests for personal data are being revamped to operate effectively under the GDPR.


• • Lawful basis for processing personal data – we’re updating our Privacy Policy before 25 May to explain our approach to GDPR, along with a general update of our other legal agreements to ensure we remain legally compliant.


• • Consent – we’ve reviewed our consent management processes in line with GDPR requirements.


• • Children – We do not collect any personal data regarding children, we have systems in place to swiftly and accurately address said data


• • Data breaches – rigorous procedures are in place to detect, investigate and if necessary report possible data breaches.


• • Data Protection by Design and Data Protection Impact Assessments – our Compliance team routinely perform Data Privacy Impact Assessments on both business activities and product functions.


• • Data Protection Officers – we have a registered Data Protection Officer, who heads our Compliance team and is responsible for our data protection compliance.


• • International – we are a UK-based operation and limit any cross-border processing to the absolute minimum, in accordance with our Privacy Policy.

To find out more about how we comply with GDPR please contact our Compliance team.