GDPR 2018 Statement
16-Mar 2018: The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty years. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
BTA and UK Travel Awards Ltd comply with all applicable GDPR regulations as a data processor prior to the new regulation taking effect on the 25th May 2018. We are committed to ensuring that we adhere to and follow all policies and processes as defined in the new regulation without exception. We already follow a very strict process with data from our clients. Our current processes have been reviewed and where necessary amendments and enhancements have taken place.
Data processing: Our ability to fulfill our commitments as a data processor
We do not own your data with the exception of the survey and vote that we ask you to cast. This data is stored within a protected environment and is backed up on a secured cloud application which is licensed and managed by our data controller. The data controllers, is a part of our compliance with GDPR. We have worked extensively to ensure we have made appropriate provisions for personal data we store, to balance the risks and responsibilities within our business and in turn protect yours.
Breach of data: We protect our data successfully
In the highly unlikely event of a data breach we will inform you as soon as it is reasonably practical. If the breach is to be reported to a specific authority this will be done automatically, we will maintain records of any and all breach incidents and finally, always investigate how the breach occurred and implement changes to ensure it doesn’t occur (in that format) again. This is one aspect that we have not had to make a lot of change as we have always been security conscious and retained a backup and security audit on all of our data.
Follow this link to inspect our full privacy and data protection policy.