General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) comes into force on 25 May 2018 (this includes the UK regardless of the referendum decision to leave the EU). The GDPR will impact every organisation which holds or processes personally identifiable information (PII). It introduces new responsibilities, including the need to demonstrate compliance, along with more stringent enforcement and substantially higher penalties than the Data Protection Act 1998 (DPA), which the GDPR supersedes.
Applicable Ltd have always been and remain committed to the highest standards of information security and privacy. We place a priority on protecting and managing all PII in accordance with data protection legislation in all the geographies in which we operate and as required by our contractual obligations with Customers and Data Controllers.
Applicable’s main area of focus for GDPR is enhancing an already robust and holistic Information Security Management System (ISMS) certified to ISO27001:2013, embedding augmented Privacy Information Management System controls in the already established control set to meet the requirements of the GDPR. This work has been ongoing for two years, throughout which it has been actively sponsored by the Applicable Board, overseen by the Applicable Data Protection Officer and supported by an internal cross-functional team and external specialist resources.