The General Data Protection Regulation (GDPR) is a set of European Union (EU) laws that come into effect on May 25th 2018.The GDPR will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) which it will supersede.Graduates First is committed to high standards of information security, privacy and transparency, in preparation for the GDPR we have reviewed our policies and procedures concerning the following areas;Data Capture & ConsentWe have reviewed our data capture forms to ensure we only capture and store information relative to the service we provide.We have reviewed the data capture statement to ensure it explicitly informs the user on the reason we require the data.Explicit consent is required to 3rd parties that we share user data with.We have implemented an information register in accordance with the GDPR guidelines.Data DeletionWe have implemented a “Delete My Profile” button which allows users to delete their data from our database.Data RetentionMeasures have been implemented to remove data that is no longer necessary. This includes data stored on backup sets.Privacy PolicyOur privacy policy has been reviewed/amended in accordance with GDPR.Security PolicyOur security policy has been reviewed/amended in accordance with GDPR.Breach NotificationThe GDPR requires any breaches of data to be reported to the Information Commissioner’s Office (ICO) within 72 hrs of GraduatesFirst becoming aware of any breach.Data ProcessorsWe will only use data processors who are GDPR compliant.Data Protection OfficerWe have appointed a data protection officer (DPO), For our full GDPR Policy please email enquiry@graduatesfirst.com.