GDPR Policy Statement

1. Executive Summary

TRU welcomes the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018. TRU has always taken information security seriously including that of personal data regardless as to whether TRU is considered a controller or processor.

In terms of the GDPR, TRU has been working towards being fully compliant throughout 2017 and early 2018 in order to ensure that our clients can be certain that they are dealing with a fully GDPR compliant organisation.

2. Assessment

TRU has assessed the GDPR and matched its own activities against the regulations in five key areas. TRU considered the regulation against TRU as:

  • A data controller of its own employee data.
  • A business that provides implementation services.
  • A business that provides support services to it clients in relation to TRU provided solutions.
  • A data processor of third party data such as specific client own customer data where such data is required to facilitate support services provided by TRU to a specific client.
  • A business that develops software solutions.

TRU has a number of policies that are used to ensure GDPR compliance which can be released to a client should a detailed question in respect of compliance be raised.

TRU is currently registered with the Information Commissioner’s Office (ICO).

TRU support services are provided from offices located in the United Kingdom.

3. Activity

Following a thorough assessment, TRU has amended its activities and associated policies and procedures as necessary in order to fully comply with GDPR.

TRU continues to review all of its suppliers and prospective suppliers for compliance with the GDPR.

TRU is carrying out Privacy Impact Assessments as necessary.

The TRU website has been updated so that anyone who accesses the site will have the assurance that they will be contacted, where a request has been raised to do so, and treated in accordance with GDPR requirements. The TRU website contains our privacy policy which is clearly identified.

TRU will continue to maintain and acquire accreditations that demonstrate its commitment to information security, including personal data.