1. Executive Summary
TRU welcomes the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018. TRU has always taken information security seriously including that of personal data regardless as to whether TRU is considered a controller or processor.
In terms of the GDPR, TRU has been working towards being fully compliant throughout 2017 and early 2018 in order to ensure that our clients can be certain that they are dealing with a fully GDPR compliant organisation.
TRU has assessed the GDPR and matched its own activities against the regulations in five key areas. TRU considered the regulation against TRU as:
- A data controller of its own employee data.
- A business that provides implementation services.
- A business that provides support services to it clients in relation to TRU provided solutions.
- A data processor of third party data such as specific client own customer data where such data is required to facilitate support services provided by TRU to a specific client.
- A business that develops software solutions.
TRU has a number of policies that are used to ensure GDPR compliance which can be released to a client should a detailed question in respect of compliance be raised.
TRU is currently registered with the Information Commissioner’s Office (ICO).
TRU support services are provided from offices located in the United Kingdom.
Following a thorough assessment, TRU has amended its activities and associated policies and procedures as necessary in order to fully comply with GDPR.
TRU continues to review all of its suppliers and prospective suppliers for compliance with the GDPR.
TRU is carrying out Privacy Impact Assessments as necessary.
TRU will continue to maintain and acquire accreditations that demonstrate its commitment to information security, including personal data.