The General Data Protection Regulation (GDPR) is a set of European Union (EU) laws that come into effect on May 25th 2018.

The GDPR will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) which it will supersede.

Graduates First is committed to high standards of information security, privacy and transparency, in preparation for the GDPR we have reviewed our policies and procedures concerning the following areas;

Data Capture & Consent

  • We have reviewed our data capture forms to ensure we only capture and store information relative to the service we provide.
  • We have reviewed the data capture statement to ensure it explicitly informs the user on the reason we require the data.
  • Explicit consent is required to 3rd parties that we share user data with.
  • We have implemented an information register in accordance with the GDPR guidelines.

Data Deletion

We have implemented a “Delete My Profile” button which allows users to delete their data from our database.

Data Retention

Measures have been implemented to remove data that is no longer necessary. This includes data stored on backup sets.

Privacy Policy

Our privacy policy has been reviewed/amended in accordance with GDPR.

Security Policy

Our security policy has been reviewed/amended in accordance with GDPR.

Breach Notification

The GDPR requires any breaches of data to be reported to the Information Commissioner’s Office (ICO) within 72 hrs of GraduatesFirst becoming aware of any breach.

Data Processors

We will only use data processors who are GDPR compliant.

Data Protection Officer

We have appointed a data protection officer (DPO), For our full GDPR Policy please email