General Data Protection Regulation (GDPR) Statement
Introduction
The new EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 (including in the UK, regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data. It will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially higher penalties than the current Data Protection Act (DPA), which it will supersede.
BP Locomotive Works is committed to high standards of information security, privacy and transparency.
User data is only collected when a user registers for updates, submits a form or completes a purchase online at locomotiveworks.co.uk.
Data Subject Rights
In plain English, a data subject is any EU citizen from whom you are collecting personal data. GDPR compliance requires that data subjects be granted certain rights. What follows is not an exhaustive list, but rather those rights that are relevant to the collection, processing, and storage of personal data on locomotiveworks.co.uk.
Right to Access. Data subjects must be able to request and obtain confirmation that data is or is not being collected on them, and if so exactly what data is being collected, how, where, and for what purpose. That data must also be provided to them in an electronic format free of charge on request.
Right to Be Forgotten. Data subjects must be provided a quick and painless way to withdraw consent and have collected data purged.
Data Portability. Similar to the Right to Access, Data Portability requires that data subjects are able to request, obtain, and/or transfer possession of collected data at any time.
Breach Notification. If a breach/unauthorized access of personal data takes place that is likely to “result in a risk for the rights and freedoms of individuals”, notification must be made within 72 hours of becoming aware of the breach.
It is important to recognise that compliance is a shared responsibility and all organisations will need to adapt business processes and data management practices.
You can opt out of Google Analytics by clicking here.
Where can you find more information about GDPR?
You can learn more about GDPR on the following third-party websites:
- EU SME Data Protection: http://ec.europa.eu/justice/smedataprotect/index_en.htm
- ICO UK Guide to the General Data Protection Regulation (GDPR): https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/