Keytree & GDPR – our approach
Keytree adheres to the requirements set out in the EU General Data Protection Regulation 2016/679 (GDPR) of the European Union and Parliament.
GDPR has an enormous impact on companies that use, access, reference, store or process any personal data. EU residents will now have a much greater say and control over what, how, why, where, and when their data is used, stored and also deleted, or removed. GDPR clarifies how the EU personal data laws apply within the EU and globally when related to EU residents.
Any organisation that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data. Keytree is a global technology consultancy and holds personal data on our current and former employees and associates, and act as a data processor for our clients. We understand our obligations under GDPR with regards to this data and have put appropriate policies in place to ensure they are met. These are:
Policies for Data Protection & Retention: Keytree maintains a set of policies for the storage, protection and retention of data. Along with procedures to address and review enquires by individuals related to the data we hold on them – these policies, and the monitoring thereof, are overseen by the board of Keytree directors.
Procedures for dealing with data breaches: Keytree has procedures to respond to data breaches including notifying the appropriate authorities and individuals.
Data Protection Officer: Keytree has appointed a Data Protection Officer who is responsible for ensuring overall GDPR compliance for all Keytree’s personal data processing activities. The Data Protection Officer reports directly to Keytree’s Chief Operations Officer.
Staff Awareness: All staff and associates receive mandatory data privacy and protection awareness training on joining and via annual refresher courses.
Data Integrity & Security: Keytree has a firm commitment to data security, integrity and protection. Keytree is certified to the ISO 27001:2013 Information Security Management System standard to ensure we have appropriate organisational and technical data protection controls in place.
Suppliers: We take appropriate steps to risk assess our suppliers and ensure we have GDPR clauses in all our supplier agreements when required.
For any questions about our GDPR compliance please contact firstname.lastname@example.org
Making a subject access request
The General Data Protection Regulation (GDPR) 2016/679 provides you with the right to receive a copy of the data/information Keytree hold about you or to authorise someone to act on your behalf.