Data Protection 

• Any personal data entered on line is held securely on our database for the sole purpose of printing the products the client has purchased.

• We do not pass personal details on to any third parties.

• It is the responsibility of the client (editors) - not Cauliflower Group Ltd - to obtain suitable consent for publishing of personal details.

 

GDPR

European data protection was significantly revised with the adoption of the General Data Protection Regulation (GDPR) in May 2018. Cauliflower Group Ltd is committed to meeting its obligations and has a GDPR Programme to ensure compliance with these additional rules. This will be integrated with our current Data Protection Procedures and we will continue to review and update our procedures with any changes and Company developments. We are registered with ICO and have declared the information we hold.

 

The key GDPR areas that we reviewed in 2018:

​

Audit: 

We have audited what data we have and its storage, access and security.

​

Privacy by design:

Under ICO guidance we currently only collect information from customers that is succinct and relevant for processing jobs. Under GDPR we are reviewing our security of this information both through internal security and web hosting services.

​

Governance and Accountability:

At management level we are ensuring we have reviewed and updated policies & procedures to safeguard data and demonstrate compliance. This will include data mapping and privacy impact assessments where relevant.

 

Raising awareness:

Induction and further training opportunities for our staff to ensure that we raise their awareness of data protection and company policy.

​

Consents, notices and contracts:

We have reviewed these to ensure they are updated to reflect new legal requirements.

​

Transfers:

we will continue to ensure any transfer of personal data from the European Economic Area (EEA) to America (where we outsource our data entry) comply with data security. We will move our data entry to within the EU by 2020.

​

Incident response:

We are reviewing our policy and processes to ensure we are ready for the new requirements with regard notify authorities and users of data breaches in certain circumstance.

​

Lawful Basis for Processing Data in our Marketing:

We are continuing to ensure that we market to individuals who have a 'legitimate interest' (as previous customer) in the products we offer and that they are offered an opt out from further contacts of legacy communications and opt ins for ongoing new communications.

 

GDPR and Data Protection Statement (Word Doc)