GDPR Policy Statement

1. Executive Summary

The team at TRU welcomes the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018. TRU has always taken information security seriously including that of personal data regardless as to whether TRU is considered a controller or processor.

Regarding the GDPR, TRU has been working towards being fully compliant throughout 2017 and early 2018 to ensure that our clients can be confident that they are dealing with a fully GDPR compliant organisation.

2. Assessment

TRU has assessed the GDPR and matched its activities against the regulations in five key areas.

TRU considered the regulation against TRU as:

  • A data controller of its employee data.
  • A business that provides implementation services.
  • A business that provides support services to its clients concerning TRU provided solutions.
  • A data processor of third-party data such as specific client own customer data where such data is required to facilitate support services provided by TRU to a specific client.
  • A business that develops software solutions.

TRU has some policies that are used to ensure GDPR compliance which can be released to a client should a detailed question in respect of compliance be raised.

TRU is currently registered with the Information Commissioner’s Office (ICO).

TRU support services are provided from offices located in the United Kingdom.

3. Activity

Following a thorough assessment, TRU has amended its operations and associated policies and procedures as necessary to comply with GDPR fully.

TRU continues to review all of its suppliers and prospective suppliers for compliance with the GDPR.

TRU is carrying out Privacy Impact Assessments as necessary.

The TRU website has been updated so that anyone who accesses the site will have the assurance that they will be contacted, where a request has been raised to do so and treated by GDPR requirements.

The TRU website contains our privacy policy which is identified.

The team at TRU will continue to maintain and acquire accreditations that demonstrate its commitment to information security, including personal data.