GDPR

Sandown Coachworks is committed to complying with the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

UK Data Protection Act 2018 & EU GDPR

The UK Data Protection Act 2018, which incorporates the principles of the EU General Data Protection Regulation (GDPR), governs how personal data must be handled.

These regulations impose legal obligations that have a significant impact on the way organisations process personal data.

Sandown Coachworks will regularly communicate with suppliers and customers regarding compliance. We recommend all companies regularly check the ‘What’s New’ section of the Information Commissioner’s Office (ICO) website for updates on data protection regulations.

How is my organisation affected?

The UK’s decision to leave the EU does not affect the implementation of the GDPR in the UK. All organisations operating within the UK that process personal data of individuals within the EU are required to comply with GDPR.

Unlike the previous Data Protection Act 1998, the GDPR and the Data Protection Act 2018 apply to both ‘controllers’ and ‘processors’ of personal data.

For further guidance on the roles of data controllers and processors, please refer to the ICO website.

Key changes under GDPR and the Data Protection Act 2018

The regulations introduce several new rights for “data subjects,” including the Right to be Forgotten and the Right to Data Portability. Organisations must ensure these rights are embedded within their operational processes. Additionally, the regulation mandates breach reporting to both the ICO and the affected data subject(s). Fines for breaches can be substantial, reaching up to 4% of global annual turnover or 20 million euros, whichever is higher. For more information about Sandown, see our About us page.