GDPR FAQs

What is the GDPR?

The General Data Protection Regulation is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data. It comes into effect on 25 May 2018.

What is Staffvetting doing to prepare for GDPR?

Staffvetting has always taken data privacy and security practices very seriously. With the introduction of GDPR we have reviewed our systems, processes and procedures to ensure we’re fully compliant by May 25, 2018. For example:

  • We have updated all of our electronic systems, increasing data integrity, confidentiality and availability.
  • We are introducing a new Data Processing Agreement, which we and you agree to undertake from May 25, 2018 onwards.
  • We are updating our Privacy Policy to ensure our compliance in respect of the data we hold about you.
  • We are reviewing Staffvetting’s functionality to make Staffvetting more efficient for users who are subject to the GDPR.
  • We are making all our consents clearer and more understandable.

What information does the GDPR apply to?

The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

Who does GDPR affect?

It affects every business within all 28 EU Member States.

GDPR also affects businesses outside the EU who process the personal data of EU residents and offer them goods and services, irrespective of whether payment is required; or where the processing by a business relates to the monitoring of the behaviour of EU residents in so far as their behaviour takes place within the EU.

What is the difference between the DPA 2018 and the GDPR?

How long will you keep my data?

From 25th May 2018 we will keep your data for up to approximately 28 days (subject to our audit and compliance requirements) after the service provision has been completed for that unit of work. The data will then be deleted and/or nullified, which will remove all but the core data. The core data, including name, consent, customer name and submittal date, will be retained.

What is a Subject Access Request (SAR)?

Individuals (e.g. employees) have a right to be informed by an organisation (e.g. their employer) whether or not it is processing personal data that relates to them and, if so, to be told:

  • What personal data is being processed.
  • The purposes for which the personal data is being processed.
  • Who, if anyone, the personal data is disclosed to.
  • The extent to which it is using the personal data for the purpose of making automated decisions relating to the data subject and, if so, what logic is being used for that purpose.

Employers are required to respond to an SAR by providing, in an intelligible form, copies of the personal data and any information about the sources of the data. There is currently a 40 calendar day time limit to respond to the request.

What data will you keep relating to me?

We are required to retain certain information for audit, legal and compliance purposes. The data retained will be your name, the customer name and consent data.

Do you have a nominated Data Protection Officer?

Yes, our Data Protection Officer is Steve Dews. His contact details are steve.dews@staffvetting.com.