GDPR Compliance Statement
The EU General Data Protection Regulation (GDPR) has introduced
the most significant changes to data protection law in two decades.
Based on privacy by design and taking a risk-based approach, the
GDPR has been designed to meet the requirements of the digital age.
The 21st century brings with it broader use of technology, new
definitions of what constitutes personal data and a vast increase
in cross-border processing. The new Regulation aims to standardise
data protection laws and processing across the EU, affording
individuals stronger, more consistent rights to access and control
their personal information.
The operator of uniref, Taskman Innovations Limited ("Taskman"), is committed to ensuring
the security and protection of the personal information that is
processed, and to providing a compliant and consistent approach to
data protection. We recognise our obligations to meet the demands
of the GDPR.
Taskman is dedicated to safeguarding the personal information
under our remit and to developing a data protection regime that is
effective, fit for purpose and demonstrates an understanding of,
and appreciation for, the new Regulation. Our preparation and
objectives for GDPR compliance have been summarised in this
statement and include the development and implementation of new
data protection roles, policies, procedures, controls and measures
to ensure maximum and ongoing compliance.
How We Comply with the GDPR
Taskman already has a consistent level of data protection and
security across the organisation, however our GDPR preparation
- Information Audit - carrying out a company-wide information
audit to identify and assess what personal information we hold,
where it comes from, how and why it is processed and if and to whom
it is disclosed.
- Policies & Procedures - revising data protection policies
and procedures to meet the requirements and standards of the GDPR
and any relevant data protection laws, including:
  - Data Protection - our main policy and procedure document for
    data protection has been overhauled to meet the standards and
    requirements of the GDPR. Accountability and governance measures
    are in place to ensure that we understand and adequately
    disseminate and evidence our obligations and responsibilities, with
    a dedicated focus on privacy by design and the rights of
  - Data Retention & Erasure - we have updated our retention
    policy and schedule to ensure that we meet the 'data minimisation'
    and 'storage limitation' principles and that personal information
    is stored, archived and destroyed compliantly and ethically. We
    have dedicated erasure procedures in place to meet the new 'Right
    to Erasure' obligation and are aware of when this and other data
    subjects' rights apply, along with any exemptions, response
    timeframes and notification responsibilities.
  - Data Breaches - our breach procedures ensure that we have
    safeguards and measures in place to identify, assess, investigate
    and report any personal data breach at the earliest possible
  - International Data Transfers & Third-Party Disclosures -
    Taskman does not store with, or transfer any personal information
    to, any third party; all data remains within Taskman.
  - Subject Access Requests (SAR) - we accommodate the revised
    30-day timeframe for providing requested information and will make
    this provision free of charge. Our new procedures detail how to
    verify the data subject and what steps to take for processing an
    access request, to ensure that communications with data subjects
    are compliant, consistent and adequate.
- Legal Basis for Processing - Our legal basis for processing
personal data is for contract purposes; our customers require the
services provided by the and provide their personal data in order
to have secure access to it.
- Privacy Statement - our Privacy Statement complies with the
GDPR, ensuring that all individuals whose personal information we
process have been informed of why we need it, how it is used, what
their rights are, who the information is disclosed to and what
safeguarding measures are in place to protect their
- Obtaining Consent - we have revised our consent mechanisms for
obtaining personal data, ensuring that individuals understand what
they are providing, why and how we use it and giving clear, defined
ways to consent to us processing their information. We have
developed stringent processes for recording consent, making sure
that we can evidence an affirmative opt-in, along with time and
date records, and an easy-to-see, easy-to-access opportunity to
withdraw consent at any time.
- Direct Marketing - Personal data is not used for direct
- Data Protection Impact Assessments (DPIA) - these are not
required as we do not process personal information that is
considered high risk, involves large scale processing or includes
special category/criminal conviction data.
- Processor Agreements - There are no third party processor
agreements; personal data held by Taskman is not passed to any
- Special Categories Data - we do not process any special
Data Subject Rights
In addition to the policies and procedures mentioned above that
ensure individuals can enforce their data protection rights, we
provide easy-to-access information, via email contact, of an
individual's right to access any personal information that the
processes about them and to request information about:
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be
- How long we intend to store their personal data
- If we did not collect the data directly from them, information
about the source
- The right to have incomplete or inaccurate data about them
corrected or completed and the process for requesting this
- The right to request erasure of personal data (where
applicable) or to restrict processing in accordance with data
- The right to lodge a complaint or seek judicial remedy and who
to contact in such instances
Information Security, Technical and Organisational
Taskman takes the privacy and security of individuals and their
personal information very seriously and takes every reasonable
measure and precaution to protect and secure the personal data that
is stored and processed. There are robust information security
policies and procedures in place to protect personal information
from unauthorised access, alteration, disclosure or destruction and
several layers of security measures exist, including SSL website
data encryption, access controls and a password policy.
GDPR Roles and Employees
Taskman has designated the Taskman Technical Director as the
Data Protection Officer (DPO) to monitor compliance with the GDPR.
Taskman understands that continuous employee awareness and
understanding are vital for ongoing GDPR compliance and has involved
its employees in the preparation plans. If you have any questions
about our compliance with the GDPR, please contact the Data
Protection Officer (DPO).