The General Data Protection Regulation is a European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data. It came into effect on 25 May 2018. Even though the UK is no longer part of the EU, we are still required to handle data with respect to this legislation.

‘Personal data’, which means information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

• You can read more about GDPR on the Information Commissioner’s Office website.

Staffvetting has always taken data privacy and security practices very seriously. With the introduction of GDPR we have reviewed our systems, processes and procedures to ensure we were fully compliant by May 25, 2018. For example :

• We updated all of our electronic systems increasing data integrity, confidentiality and availability.
• A new Data Processing Agreement which we and you agree to undertake from May 25, 2018 onwards.
• Updating our Privacy Policy to ensure our compliance in respect of the data we hold about you.
• Reviewing Staffvetting’s functionality to make Staffvetting more efficient for users who are subject to the GDPR.
• Making all our consents clearer and understandable.