What our promise means to us
We promise to adopt a privacy by design and by default approach throughout our organisation. We embed this approach into our culture, our way of thinking, our processes, services and products.
As and when we build or deploy new tools, features or methodologies, or start working closely with other organisations in a way that involves the sharing of personal information (a"New Initiative") we use a privacy by design and privacy by default approach. In practice, this means complying with privacy laws and our eight Privacy Promises at the earliest possible stage of each New Initiative and throughout its lifecycle.
We understand that in relation to each New Initiative we always need to:
think about privacy from the start;
think about whether we need to use a data protection impact assessment;
assume a default position of high privacy protection;
use appropriate technical and organisational measures to protect personal information;
balance our objectives with the privacy of individuals; and
make privacy protection a key deliverable.
We appreciate that we do privacy by design and privacy by default by keeping our Eight Privacy Promises in relation to each New Initiative. This results in our organisation being less privacy intrusive which is good for us and good for all the individuals we interact with.
What we all need to do to keep our promise
We need to limit the amount of personal information processed, limit the purposes of that processing and limit the number of processing operations by considering the use of, for example, anonymisation, pseudonymisation and data minimisation.
We need to use data protection impact assessments properly and embed them in our business processes. This means:
considering using a DPIA for any major New Initiative which requires the processing of personal information;
always using a detailed DPIA if we conduct processing activities likely to result in a high risk to the rights and freedoms of individuals (e.g systematic evaluations, or processing of special category data);
that where in one of our New Initiatives we identify a high and unmitigated risk to data subjects, we will notify our supervisory authority and obtain its views on the adequacy of the measures proposed by the ICO and/or any other relevant data protection impact assessment to reduce the risks of processing. We will seek the views of data subjects, where appropriate.
We must, in relation to each New Initiative, comply with our Eight Privacy Promises by:
ensuring everyone in our organisation understands why privacy by design and privacy by default are important (our Promise 1 - Awareness);
ensuring that we only process personal information to the extent we need to for a specific purpose and that we have a lawful basis for each processing operation (our Promise 2 - Inventory);
ensuring that individuals are aware of the processing being carried out (our Promise 3 - Transparency);
strictly limiting access to the personal information to those that need to process it (our Promise 4 - Safe sharing);
ensuring that individuals can easily exercise their rights in relation to the personal information being processed (our Promise 5 - Rights of individuals);
ensuring personal information is not compromised, lost, damaged or destroyed (our Promise 6 - Security); and
if applicable, considering whether we need to process personal information outside the EEA and, if so, whether we have effective controls in place (our Promise 7 - International).
Finally, we delete personal information when we no longer need it for the New Initiative and we document everything we do in our Hub.
Our documents demonstrating compliance with our promise
| TEMPLATES - Generic documents for us to customise | |
|---|---|
| If you'd like to see these documents, speak to a Hub Owner or Privacy Champion. |
| RECORDS - Documents recording our compliance activities | |
|---|---|
| If you'd like to see these documents, speak to a Hub Owner or Privacy Champion. |
| INFORMATION - Documents containing information to help us comply | |
|---|---|
| No documents made available yet | |
| POLICIES - Documents containing our policies | |
|---|---|
| No documents made available yet | |
Demo request
Once you have requested a free demo, one of our team will contact you to arrange a convenient time for you to
try out The Privacy Compliance Hub.
The demo takes around 30 minutes and can be completed anywhere as we do this remotely by sharing our screen
with you.
You will be guided through the various data protection tools, templates and features, whilst we explain how
The Hub would be implemented in your organisation.
All of your questions will be answered, ensuring you have complete confidence in our product before you decide
whether it is right for your organisation.
Please complete the details below and we will be in touch very shortly:
Contact us
Please provide some information about yourself and we will get in touch.