What is Receipt Bank doing for GDPR?
At Receipt Bank we are committed to respecting your privacy and ensuring that your data is secure.
You may have heard that the EU General Data Protection Regulation ("GDPR"), a new regulation that aims to enhance the privacy rights of EU citizens, comes into force on 25th May 2018. With this in mind, we wanted to update you on Receipt Bank's internal compliance programme that ensures we meet the requirements of GDPR - please take a look below for an overview of the key areas.
|Area||How we will comply|
|✔ Training and policies||
We have implemented a new Data Protection Policy internally and have also rolled out a GDPR training programme across our group companies.
|✔ Processing Activities and Accountability||
We have been working to compile comprehensive documentation about the data that we collect and process, out lawful bases for processing and any potential recipients of that data.
|✔ Data Protection Impact Assessments||
We have established a process to ensure that Data Protection Impact Assessments will be undertaken where appropriate in order to identify and mitigate privacy risks.
|✔ Data Subject Rights||
We are introducing new processes to enable us to respond to requests by data subjects to exercise their rights under GDPR, such as requests to access, rectify, erase or port their data.
We have implemented appropriate technical and organisational measures to safeguard the security and integrity of your data. All data is stored with a trusted and accredited third party and is only accessible through encrypted channels. We are working towards ISO 27001 and are implementing new information security policies internally.
We are ensuring that we adhere to GDPR requirements as to how we capture and record marketing consents.
|✔ Service Providers||
We have reviewed our contracts with third party providers that process data on our behalf and are putting in place GDPR-compliant Data Processing Agreements where necessary.
|✔ Data Exports||
We will ensure that any transfers or personal data to countries outside the European Economic Area are only made on the basis of the EU Model Clauses, or where other adequate safeguards are in place.
|✔ Breach Notification||
We have introduced a new breach notification procedure to ensure that we take appropriate steps, including notifying you and/or appropriate regulatory bodies, should a data breach occur.
|✔ Data Processing Addendum||
We have prepared a GDPR-compliant Data Processing Agreement to be used when Receipt Bank acts as a Data Processor of the data that you provide to us as a Data Controller.
How can I access the Data Processing Agreement?
We have prepared a GDPR-compliant Data Processing Agreement to be used when Receipt Bank acts as a Data Processor of the data that you provide to us as a Data Controller. You can download a .docx copy of this agreement by clicking here, or click here to view and download a .pdf copy.