The Cyber Security Challenge UK Ltd is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We recognise our obligations to update and expand our existing protection program to meet the demands of the General Data Protection Regulation (‘GDPR’) and the UK’s Data Protection Bill.
Data protection – our main policy and procedure documents for data protection have been overhauled to meet the standard and requirements of GDPR. Accountability and governance measures have been improved to ensure that we understand and adequately evidence our obligations and responsibilities. We focus on privacy by design and the rights of individuals.
Data retention and erasure – we have updated our retention policy and schedule to ensure that we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically and in accordance with data subjects’ rights.
Data breaches – our breach procedures have been updated to ensure we have safeguards and measures to identify, assess, investigate and report any personal data breach at the earliest possible time.
Obtaining consent – we have reviewed and updated our consent mechanism for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it, and giving clear, defined ways to consent to us processing their information. Evidence of an affirmative opt-in, along with time and date records, is an important part of this process, and supports the individual’s ability to understand their right to withdraw consent at any time.
Processor agreements – where we use any third party to process personal information on our behalf, we are drafting compliant processor agreements and due diligence procedures to ensure that they meet and understand their GDPR obligations.