Our commitment to GDPR

The General Data Protection Regulation (GDPR) has been described as a “game changer for everyone” by the Information Commissioner’s Office. This new piece of EU data protection law represented a major shake up in the way we collect, process and store personal data. It aims to standardise data protection law across the EU, giving individuals more control over how, when and by whom their data is processed.

Secret Warriors is committed to partnering with our customers on GDPR. Here we explain what we have done and what we will continue to do to achieve GDPR compliance internally.

How we prepared for GDPR: We adopted a company wide approach to become GDPR ready and our working group prepared the business for the significant changes involved. These include:

  • Updating and amending our terms and conditions, customer agreements and privacy policies and statements to bring them in line with the GDPR.
  • Ensuring that correct and appropriate contractual terms are in place with data processors including data security and international data transfers.
  • Updating our internal policies and practices to reflect GDPR requirements.

Security Standards and Certifications: Protecting our customers privacy and securely managing your data is a high priority for us. All our web properties use SSL (secure sockets layer) to encrypt data you transmit to us across the Internet. Our Development Team manages our servers and data transfer processes for the purposes of maintenance, support and development. Access to our servers is tightly controlled; only authorised company administrators employed directly by Secret Warriors are granted access. Staff training is an important ethos that we hold as a company. As such, we ensure all our staff have an up-to-date working knowledge of data protection law inclusive of GDPR.

Data Processors: To help us deliver the best possible service, we use a number of tools to process data. A data processor can be an organisation or third party provider who manages and processes personal data on behalf of a business. We are working with our providers to ensure compliance with the new regulations, including introducing data processing contracts where appropriate.

Upholding our customers rights: We have embedded, across the organisation, policies and procedures which for example allow customers to access their data in ways that are accessible to them and we have introduced an updated Data Privacy Notice which is regularly updated so that our customers are always aware of all of our data privacy arrangements.