GDPR & Lesar UK
General Data Protection Regulation (GDPR)
As of 25 May 2018, European data protection legislation will be updated for the first time in 20 years. The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to harmonize data protection laws across Europe, regardless of where that data is processed.
What are your responsibilities as a customer?
Our customers are known as the data controller for any personal data they provide in connection with our services. The data controller is responsible for the data provided and ensure the data provided is in compliance with GDPR.
If you are the data controller and require further information on your responsibilities under GDPR, please refer to your protection authority.
You should also seek independent legal advice relating to your status and obligations under the GDPR, as only a lawyer can provide you with legal advice specifically tailored to your situation. Please bear in mind that nothing on this website is intended to provide you with, or should be used as a substitute for, legal advice.
What we’re doing?
We employ and work with security and privacy professionals to maintain our systems, develop security review processes, build security and implement security policies.
Processing According to Instruction
Any data that a customer provides will only be processed in accordance with the our current as well as our GDPR updated data processing agreements.
All of our employees are required to sign a confidentiality agreement and complete mandatory confidentiality and privacy trainings, as well as our Code of Conduct training. Our Code of Conduct outlines expected behaviour with respect to the protection of information.
Use of Sub-processors
Any suppliers, partners or third-parties of Lesar UK are subject to data-processing agreement between us the sub-processor.
Data Retention & Deletion
On request, we can provide and delete any personal information we may hold. Backups are taken daily and those backups are stored for a period of two weeks. After two weeks, old backups are removed.
Standards & Certification
Our customers and regulators expect independent verification of security, privacy, and compliance controls. Our services undergo several independent third-party audits on a regular basis to provide this assurance
Data Protection Registration
Lesar UK is registered with the Information Commissioner’s Office (ICO). This means we are contractually committed to delivering our services in compliance with the Data Protection Act (DPA).
ICO Registration Number: ZA506812
Due Diligence Q&A
Data Protection Officer
Q: Who is your Data Protection Officer?
A: Lee Chadwick
Q: What security accreditations you have?
A: We are currently working towards our ISO27001
Systems and Applications
Q: Where is the data you store located?
A: Datacentres throughout United Kingdom
Q: What measures are in place to protect the physical security of data centres where our data will be stored?
A: Data centres are owned and managed independently, we ensure all partners used to host our data have a data processing agreement in place.
Q: Who has access to our data?
A: Internal members of staff