Garnell GDPR Statement

Garnell Corporate Communications Ltd & associated companies (Garnell)


General Data Protection Regulation (GDPR) Statement

GARNELL’S GDPR PROGRAMME: The General Data Protection Regulation (GDPR) is a new data protection law coming into effect from 25th May 2018, which is intended to strengthen and unify data protection for all individuals within the European Union.


Garnell has a GDPR programme that is well underway to ensure that we are ready for the new legislation. All of our policies and procedures adhere to the current data protection act (1998), but will align to the GDPR when it takes effect on 25th May 2018.


GARNELL’S COMMITMENT: Garnell is committed to high standards of information security, privacy and transparency and will ensure that our data processing activities comply with the obligations laid out within the GDPR.


Garnell has developed policies, procedures, controls and measures to ensure continued compliance with the GDPR and its principles, including staff training, policy documents, audit measures, ongoing monitoring, reviews and assessments. Further details below:


AWARENESS:  Briefing and training staff so they are aware of the risks to the business and what needs to happen to get GDPR effective.


SPONSORSHIP: Appointed a Management sponsor to work with the Data Controller and working group who supports and oversees all internal GDPR work programmes.


LEGAL OPINION: Translated the GDPR into deliverables and functionalities so that Garnell can review progress against their compliance objectives.


PERSONAL DATA DISCOVERY: Conducting a Data audit of Personal Identifiable Information (PII): location, format, storage and security assessment.


POLICY GAP ANALYSIS:  Review and update of existing data protection policies, training, privacy notices etc. to be ready for 25th May 2018.


TECHNICAL GAP ANALYSIS: Where IT solutions can accelerate GDPR effectiveness acquiring and installing these IT solutions and services.


SECURITY CERTIFICATIONS & IMPROVEMENTS:  Continued commitment to the ongoing review and monitoring security, tools and data protection across the business.


CUSTOMERS:  Aligning to our commitments as a Data Processor and adhering to all mandatory requirements set out under GDPR


If you require any further information around GDPR, please email our Data Controller, Alison Hull  at:

We will process your request within 30 days.

Got a question?

Why not talk to our team