GDPR Compliance

Purpose
The General Data Protection Regulation (GDPR), effective from May 2018, is a globally applicable piece of data privacy legislation. Black Pig supports the principles of the regulation in establishing rights for citizens with regard to their data and we will take this regulation into account within our internal processes and in the work which we undertake for our customers.

Data Protection Officer
Black Pig has designated David Higgins as its Data Protection Officer. Black Pig’s DPO will take responsibility for all matters relating to data protection and GDPR compliance. To contact David please email the.sty@blackpig.co.uk and include the phrase “GDPR DPO” in the subject line.

Services to our Customers
To comply with the GDPR requirements, a Data Controller (i.e. you, the customer) should appoint a Data Processor (i.e. a company, such as Black Pig, who supplies a service which works on their data) in the form of binding written agreement. This agreement should identify the personal data being processed and include documented instructions, created by the Controller, of their requirements regarding the EU law (or relevant national laws) that are applicable to this data. Black Pig will be reviewing with our customers any agreements which are in place to ensure compliance. This process will ensure that agreements are in place to cover the relevant aspects of Black Pig’s role in the processing of customers’ data (i.e. in matters relating to duration, nature, purpose, data types and the obligations of the Data Controller).

Security and Business Continuity Measures
Black Pig has established working practices over more than two decades which seek to ensure the confidentiality and integrity of the personal data we store or process internally or on behalf of our customers. We maintain appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access.

Data Breaches
Under the GDPR legislation, Black Pig must have the capability to notify the designated Data Protection Officer within our customer’s organisation, without undue delay, in the event of a data breach. Black Pig has implemented systems and procedures to help us identify events that may constitute a data breach, Black Pig will seek, from all of its customers, the contact details of the customer’s Data Protection Officer to ensure that in the event of a data breach, Black Pig can contact the appropriate person to inform them of the issue.

In this event, we would provide the DPO with:

  • A description of the breach
  • The likely consequences and extent of the breach
  • Proposed measures that were taken or could be taken to limit harmful effects

Data Subject Rights
GDPR provides significant enhancements to the rights that individuals enjoy with regards to their personal data. Black Pig will work with its customers, where we hold or process personal data for them, to assist them to determine how best to work within the requirements of the legislation. To this end Black Pig has made contact with all its customers (where it is currently providing services) advising them of changes which we would recommend to assist them in gaining compliance with the regulation. Black Pig recognises that some customers may still be working on the internal aspects of GDPR compliance and where customers are not yet in a position to make changes to elements of their business which relate to services provided by Black Pig, then we will seek to provide them with the necessary services when they are ready to apply those changes:

  • Processing of Data Subject Access Requests or rectification of personal data
  • The clear communication and application of data retention periods and the processes for the erasure of personal data
  • Responding to data portability requests

If you are a customer of Black Pig and you have any questions relating to GDPR or this statement, please contact Black Pig’s DPO on the email address the.sty@blackpig.co.uk including “GDPR DPO” in the subject line.