GDPR Compliance

Our Commitment to Your Privacy

At Mr Memory, we're dedicated to protecting your personal information and ensuring complete compliance with all current data protection laws - including both the UK General Data Protection Regulation (UK GDPR) and the EU GDPR.

The UK GDPR, incorporated into the Data Protection Act 2018, came into effect on 1 January 2021 following the UK's departure from the EU. It mirrors the core principles of the EU GDPR, ensuring that your rights and privacy remain protected wherever you are.

We've updated our Privacy & Cookies Policy, strengthened our internal systems, and reviewed our agreements with service providers to ensure your data is handled safely, securely, and transparently.

If you would like to know more about the GDPR, we have summarised the key points below. You can find the full details on the Information Commissioner's Office (ICO) website.

For more information on how we use your personal data, please Contact our Privacy Officer.

GDPR Summary


  • More control for individuals

    The GDPR provides expanded rights for individuals in the UK/EU by granting them the right to be forgotten and to request a copy of their personal data.

  • Transparency and privacy notices

    Organisations must be clear and transparent about how personal data is processed, by whom and for what purpose.

  • Obtaining valid consent

    There are stricter rules for obtaining consent, which means that pre-ticked boxes and inactivity no longer constitute valid consent.

  • Lawful processing

    You must identify and document the lawful basis for any processing of personal data.

  • Compliance obligations

    The GDPR requires organisations to implement appropriate policies and security protocols, conduct privacy impact assessments, maintain detailed records of data activities, and enter into written agreements with vendors.

  • Data transfers outside the UK/EU

    The transfer of personal data outside the UK/EU is only allowed to designated countries, those complying with an approved certification mechanism, or through model contracts or binding corporate rules.

  • Data breach notification & security

    The GDPR requires organisations to report certain data breaches to data protection authorities and, in some cases, to the affected data subjects. The regulation also places additional security requirements on organisations.

  • Data protection officer (DPO)

    The appointment of a DPO is mandatory for some organisations where large-scale or sensitive data processing takes place.

  • Data protection by design and by default

    Organisations must build effective data protection practices and safeguards into systems and processes from the outset.

  • Increased enforcement

    Under the GDPR, authorities can fine organisations an amount based on the seriousness of the breach and damages incurred.

 
Google
Rated 4.8 out of 5
on Google
* * * * *
John Fiore - 12 Jun 2026
Excellent and well laid out website, easily found my motherboard and the correct memory sticks for it. Prompt and well packaged delivery. PC now much faster.