On 25 May 2018, the European data protection legislation was brought into UK law. The EU General Data Protection Regulation (GDPR) replaced the existing 1995 EU Data Protection Directive. GDPR strengthened the rights that individuals have over their personal data and sought to harmonise the data protection laws across Europe, regardless of where the data is processed.
The EU GDPR is an EU Regulation and therefore it no longer applies to the UK. However, GDPR has been incorporated into UK data protection law as the UK GDPR – so in practice there is little change to the core data protection principles, rights and obligations found in the UK GDPR (referenced just as GDPR below).
GDPR recitals continue to have the same status as before – they are not legally binding, but they clarify the meaning and intention of the articles.
Skyron is committed to GDPR compliance, whether it is:
We are also committed to helping our customers comply with the UK GDPR by providing stringent privacy and security protections in our services and contracts. Below are some points for you to consider:
Yes, Skyron customers will typically act as the "data controller" for any personal data they provide in connection with their use of our services.
That means that they determine the purpose and means of processing personal data, while the data processor processes data on behalf of the data controller.
That said, in some cases, where we have built Software as a Service (SaaS) offerings for our clients, they will be a "data processor".
Yes, we are typically a "data processor". We process personal data on behalf of the "data controller" when they use our systems or services.
That said, in some cases, where we have built Software as a Service (SaaS) offerings for our clients, they will be a "data processor" and we will be a "sub-data processor".
Data controllers and data processors are collectively responsible for implementing appropriate legal, technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR.
Their obligations arise from the data protection principles which require lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects' rights with respect to their data.
Typically, Skyron's customers will provide the legal construct and then work with Skyron to ensure that the organisational measures Skyron undertakes are commensurate with the legal requirements. The same is true from a technical perspective: Skyron will take responsibility to ensure those aspects meet the legal construct.
If you are a data controller, you will find guidance on your responsibilities under GDPR by regularly checking the website of the national or lead data protection authority. For the UK, this is the Information Commissioner’s Office at ico.org.uk.
You should also seek independent legal advice relating to your status and obligations under the GDPR, for legal advice specifically tailored to your situation. Please bear in mind that nothing on this website is intended to provide you with, or should be used as a substitute for, such legal advice.
Alongside other duties, "data controllers" are required to use only "data processors" that provide adequate guarantees as to appropriate technical and organisational measures so that data processing will meet the requirements of the GDPR.
Here are some aspects you may wish to consider when conducting your assessment of us with respect to GDPR:
If you have any enquiries or if you require further information about how Skyron collects, uses and/or discloses your personal data, please contact our Data Protection Officer (“DPO”) at this email address: firstname.lastname@example.org.