
2. Inventory

We know what we do with personal information.


What our promise means to us

We promise to know and continue to know what personal information we collect, what we do with it, where we keep it, who we share it with, how long we keep it and what we do with it when we no longer need it.

We recognise the difference between personal information and special category data (such as sexual orientation) and the consequences of this difference.

We understand that the law requires us to only process personal information (including sensitive/special category data) lawfully and not to collect any personal information which we do not need.

Before we process any personal information, we will ensure that we have a lawful basis to process that personal information.

We understand that unless we have this basic information, we cannot protect personal information and we cannot give individuals their rights in relation to it.


What we all need to do to keep our promise

Each of our Privacy Champions must:

understand and be able to articulate the purpose of each processing operation;

understand the lawful basis for each processing operation;

conduct regular audits to establish what personal information is processed within each part of our organisation and how; and

present their findings using Data Flows as well as by reference to completed privacy audit questionnaires.

We must keep an accurate and up-to-date record of what personal information we process, where, how and why. We do this by using Data Flows and records (including a Record of Processing Activities) which take account of all our systems, business processes and all the countries in which we operate. We understand that, if requested by a supervisory authority, we may be required to disclose these records.

Our Data Flows and Record of Processing Activities will form the central pillars of our privacy compliance and must reflect what personal information our organisation processes at any point in time. Keeping these up to date must form part of our day-to-day business processes, including as part of keeping Promise 8 - Privacy by design and by default.

Each time our Privacy Champions meet to discuss a new initiative (e.g. a product update, a new feature, a marketing campaign, a partnership with a third party...) which potentially involves the processing of personal information, the starting point will be to look at the current Data Flows and understand how the new initiative will affect those Data Flows. We know that the more intrusive the new initiative is, the more likely it is that we will need to conduct a Data Protection Impact Assessment.

We recognise that conducting an audit of personal information is not as easy as counting the number of desks and chairs in an office. Personal information moves easily, quickly and can travel a long way without leaving obvious trails. We appreciate that to help keep our inventory of personal information accurate and up to date we need to understand privacy, care about privacy and do our bit by following our organisation’s procedures and policies so that personal information:

does not end up in places it shouldn’t;

is not used for purposes for which it was not collected; and

is never shared with people who shouldn’t have it.

Our documents demonstrating compliance with our promise

TEMPLATES - Generic documents for us to customise
If you'd like to see these documents, speak to a Hub Owner or Privacy Champion.
RECORDS - Documents recording our compliance activities
If you'd like to see these documents, speak to a Hub Owner or Privacy Champion.
INFORMATION - Documents containing information to help us comply
No documents made available yet
POLICIES - Documents containing our policies
No documents made available yet