GDPR Supplier Compliance Agreement

As you will be aware the General Data Protection Regulation (GDPR) comes into effect on the 25th May 2018, and all organisations are currently preparing for the new regime. Because of this, Blue Shark have been working to build on its current information governance framework, policies and procedures to ensure compliance prior to the enforcement date. 

The purpose of GDPR is to put extra responsibilities on organisations of any size who process personal data as an evolution of the current data protection framework. It also places emphasis on the principle of accountability which requires organisations that process data to demonstrate compliance with the main principles of data protection from lawfulness, fairness and transparency to data minimisation.

However, accountability doesn’t stop at data flows within our organisation. Given how data often moves between other companies we work with, our relationships with suppliers is a critical factor in our compliance journey.

Our Responsibilities 

It is our duty to ensure we follow the guidelines of the GDPR and put controls and processes in place to guard the sensitive data you share with us.

Taking in mind the previous statement, we would like to confirm the following statements:

• All the data we receive which is documented, will be deleted if there is no longer a legal or contractual purpose to hold it.
• Data should not be shared with other parties (unless there has been an agreement made with us to do so).
• Data is stored securely.
• Our organisation has reviewed its internal data protection and cyber security processes and controls.
• We are not using the data for our own marketing purposes (without your consent).

Reporting of all breaches of confidential and personal data, forms parts of our incident reporting process. Any breaches to the data must be reported to our team via email at info@blue-shark.co.uk as soon as it has been identified.