The UK GDPR (General Data Protection Regulation) is an important piece of legislation that was incorporated into the Data Protection Act 2018 on 1st January 2021. The UK GDPR is largely based on the EU GDPR which is designed to strengthen and unify data protection laws for all individuals within the EU.
At Mr Memory we are committed to protecting your privacy and to remaining compliant with the latest regulations including both the UK GDPR and EU GDPR.
The Mr Memory website and our Privacy & Cookies Policy have been updated to meet the new regulations and to clarify how we process and protect your personal information. We have also made improvements to our internal systems and updated contractual agreements with our service providers.
If you would like to know more about the GDPR we have summarised the important bits below and you can find all the specifics on the Information Commissioner's Office website.
The GDPR provides expanded rights for individuals in the UK/EU by granting them the right to be forgotten and to request a copy of their personal data.
Organisations must be clear and transparent about how personal data is going to be processed, by whom and why.
There are stricter rules for obtaining consent which means among other things, that pre-ticked boxes and inactivity will no longer suffice as consent.
You must identify and document the lawful basis for any processing of personal data.
The GDPR requires organisations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
The transfer of personal data outside the UK/EU is only allowed to designated countries, those complying with an approved certification mechanism or through model contracts or binding corporate rules.
The GDPR requires organisations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organisations.
The appointment of a DPO is mandatory for some organisations.
There is a requirement to build effective data protection practices and safeguards, from the very beginning of all processing.
Under the GDPR, authorities can fine organisations an amount based on the seriousness of the breach and damages incurred.
Americanino Limited T/A Mr Memory
D3 Yeoman Gate, Yeoman Way
Worthing, West Sussex
Registered in England & Wales - Company Registration No: 02012072.
UK VAT No: GB 641 1660 65.
The trademark Mr Memory is the exclusive property of Americanino Limited and is protected by UK Trademark Registration No: 2616298.