General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) became effective on 25 May 2018 (this includes the UK, regardless of the referendum decision to leave the EU). The GDPR impacts every organisation which controls or processes personally identifiable information (PII). It introduces new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially higher penalties than the Data Protection Act 1998 (DPA), which the GDPR superseded.
Applicable have always been, and remain, committed to the highest standards of information security and privacy, and take matters of security and privacy seriously. We place a priority on protecting and managing all PII in accordance with data protection legislation in all the geographies in which we operate, and as required by our contractual obligations with Customers and Data Controllers. We have taken the six principles of the GDPR, and the accountability that comes with them, and integrated the GDPR requirements and necessary approaches into Applicable’s existing security framework as policy. The existing security controls adopted at Applicable are further expanded based upon ISO/IEC CD 27552 Extension for Privacy Management. This approach ensures that specific privacy risk assessments and management controls are included in the overall technical and organisational controls to deliver privacy by design and default, and to provide a rigorous approach to the GDPR. Contractual arrangements with customers, contractors and suppliers reflect the changed legislation. Privacy policies and notices are published on the Applicable website, with comprehensive supporting policies, procedures and processes in place to ensure Applicable comply with the GDPR.