GDPR & Lesar UK

General Data Protection Regulation (GDPR)

As of 25 May 2018, European data protection legislation will be updated for the first time in 20 years. The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to harmonize data protection laws across Europe, regardless of where that data is processed.

What are your respon­sibi­lities as a customer?

Our customers are known as the data controller for any personal data they provide in connection with our services. The data controller is responsible for the data provided and ensure the data provided is in compliance with GDPR.  

If you are the data controller and require further information on your respon­sibi­lities under GDPR, please refer to your protection authority.

You should also seek independent legal advice relating to your status and obligations under the GDPR, as only a lawyer can provide you with legal advice specifically tailored to your situation. Please bear in mind that nothing on this website is intended to provide you with, or should be used as a substitute for, legal advice.

What we’re doing?

Expert Knowledge

We employ and work with security and privacy professionals to maintain our systems, develop security review processes, build security and implement security policies.

Our Policies

Our terms have been updated to reflect the changes required with GDPR. Please view our Privacy Policy on our website. We also have a dedicated General Data Protection Policy available on request.

Processing According to Instruction

Any data that a customer provides will only be processed in accordance with the our current as well as our GDPR updated data processing agreements.

Employee Confi­den­ti­ality

All of our employees are required to sign a confi­den­ti­ality agreement and complete mandatory confi­den­ti­ality and privacy trainings, as well as our Code of Conduct training. Our Code of Conduct outlines expected behaviour with respect to the protection of information.

Use of Sub-processors

Any suppliers, partners or third-parties of Lesar UK are subject to data-processing agreement between us the sub-processor.

Data Retention & Deletion

On request, we can provide and delete any personal information we may hold. Backups are taken daily and those backups are stored for a period of two weeks. After two weeks, old backups are removed.

Standards & Certification

Our customers and regulators expect independent verification of security, privacy, and compliance controls. Our services undergo several independent third-party audits on a regular basis to provide this assurance

Data Protection Registration

Lesar UK is registered with the Information Commissioner’s Office (ICO). This means we are contractually committed to delivering our services in compliance with the Data Protection Act (DPA).

ICO Registration Number: ZA506812

Due Diligence Q&A

Data Protection Officer

Q: Who is your Data Protection Officer?

A: Lee Chadwick


Q: What security accreditations you have?

A: We are currently working towards our ISO27001

Systems and Applications

Q: Where is the data you store located?

A: Datacentres throughout United Kingdom

Q: What measures are in place to protect the physical security of data centres where our data will be stored?

A: Data centres are owned and managed independently, we ensure all partners used to host our data have a data processing agreement in place.

Q: Who has access to our data?

A: Internal members of staff