The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It will be enforceable from May 25, 2018 and requires no enabling legislation, so it automatically becomes binding and applicable on that date.

The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects.

The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

Six Degrees places a high importance on information security, and within our Group we already comply with a number of standards that also focus on information and data security, including ISO 27001, PCI-DSS and Cyber Essentials.

Six Degrees are:

  • Processors for our hosted client data
  • Controllers of our client and supplier contact information, required to manage and deliver services under contract and to manage customer requests and incidents
  • Controllers for personnel information in relation to Six Degrees Group companies' employees

Our Approach

During our journey to GDPR compliance, Six Degrees has been working, and continues to work, very closely with an external advisor to ensure we have the expertise required to implement the legislation's requirements accurately and comprehensively.

We view GDPR as a constant programme of works that will require continuous monitoring, management and improvement.

Work streams and actions taken

The table below shows the main activities to ensure compliance:

Please review our Privacy Notice at:
