UK GDPR Compliance Statement
The EU General Data Protection Regulation (GDPR) is a privacy and data protection regulation in the European Union effective from May 25 2018 and retained in domestic law as the UK GDPR following the UK’s departure from the European Union.
The UK GDPR imposes new obligations on organisations that control or process personal data and introduces new rights and protections for EU citizens.
We are committed to ensuring that your privacy is protected and we strictly adhere to the provisions of all relevant Data Protection Legislation, including UK GDPR, ensuring all personal data is handled in line with the principles outlined in the regulation that state:
Personal data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to the data subject
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- Accurate and, where necessary, kept up to date
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
Cognassist respects our client and learners rights to data privacy and protection, and as such we undertake regular reviews to maintain all our internal policies, procedures and working practices in order to meet the requirements of the UK GDPR. All personnel are trained annually to ensure high levels of UK GDPR in the organisation.
We place a high priority on protecting and managing data in accordance with accepted standards and helping our clients utilise our products and services.
Cognassist are committed to compliance with the UK GDPR as both a processor and controller of personal data and have established a working group to ensure compliance on an ongoing basis.
DPO and CRO