GDPR Statement
The EU General Data Protection Regulation (GDPR) is a significant piece of European legislation, which came into force on the 25th May 2018. It builds on existing data protection laws, strengthening the rights that EU individuals have over their personal data, and creating a single data protection approach across Europe.
How will The Wokingham Paper Limited comply with the GDPR?
Our GDPR preparation started in July 2017 and as part of this process we reviewed (and updated where necessary), all our internal processes, procedures, data systems and documentation to ensure that we were ready when GDPR came into force on the 25th May 2018.
Our GDPR Principles are:
- Data is processed fairly and lawfully
- Data is processed only for specified and lawful purposes
- Processed data is adequate, relevant and not excessive
- Processed data is accurate and, where necessary, kept up to date
- Data is not kept longer than necessary
- Data is processed in accordance with an individual’s consent and rights
- Data is kept secure
- Data is not transferred to countries outside of the European Economic Area (‘EEA’) without adequate protection.
- Data Retention and Deletion – When we receive a deletion instruction from a data subject, we will delete the relevant personal data from our systems unless retention obligations apply. Our Data Retention and Destruction Policy clearly sets out such retention obligations.
Data Subject’s Rights – We will fulfil our obligations to respond to requests from data subjects to exercise their rights under GDPR-specified timeframes.
For security purposes, any visitors to The Wokingham Paper Limited at our office location may be required to register personal data at the entrance. This personal data is not kept longer than strictly necessary.
The Wokingham Paper Limited also processes personal data to comply with the eight principles of the UK Data Protection Act 1998.
Data Breaches
Under the GDPR, we must notify any data breach to the controller without undue delay.
The Wokingham Paper Limited therefore has processes, systems and procedures in place for identifying, reviewing and promptly reporting data breaches to the relevant controller.
We would provide the controller with:
A description of the nature of the breach
Contact details of the responsible data protection officer or any other contact person
Likely consequences of the breach
Proposed and imposed measures that were taken to limit harmful effects
Incident Notifications – We shall promptly inform data subjects of incidents involving their personal data in line with any data breach notification terms in our current agreements and the updated terms that will apply when GDPR comes into force.
The Wokingham Paper Ltd Ltd has comprehensive technical and organisational security measures in place to mitigate against a data breach.
Contact Person
Any GDPR related questions should be addressed to: The Wokingham Paper Limited at editor@wokingham.today
