GDPR Statement

On 25 May 2018 the European Union’s (EU) General Data Protection Regulation (GDPR) became directly applicable in all EU Member States. The Regulation heralds the most significant change to data protection law in Europe in more than 20 years. The GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to update and improve the manner in which organisations address data protection and data privacy. In the UK, GDPR will be enforced by the Information Commissioner’s Office (ICO). Further information and guidance can be found at gdpr-info.eu or at ico.org.uk.

Hill Biscuits has instigated a project to implement changes required to deliver on our legal obligations concerning the handling of personal data provided to us.

The GDPR distinguishes between data controllers and data processors, with data processors processing personal data on behalf of the data controller. The GDPR imposes different requirements and grants different rights to controllers and processors. Hill Biscuits has determined that it is a data controller, as a result of the collection of personal data, the judgement it must apply to how personal data is stored, shared and used, and its legal and regulatory obligations to maintain data. Our work on GDPR has proceeded on this basis.

Our GDPR preparations have included risk assessments of business processes, operations, IT systems, third-party relationships, and documentation against the core elements of GDPR. The risk assessment has provided a gap analysis against the new requirements, and necessary changes will be addressed as part of the GDPR implementation project through remediation and validation exercises.

Hill Biscuits engages with its employees, stakeholders, customers and suppliers regarding any changes that need to be made to meet the obligations imposed by the Regulation.