On 25th May 2018, General Data Protection Regulation (GDPR) came into force and overhauled the way in which businesses handle and store data. The UK government will be implementing a new Data Protection Bill – this is ostensibly the same as DPA with a small number of amendments.

What is Changing?

Under GDPR, there are three main changes:

  • It will be easier to access the information that companies hold on you
  • Companies will be subject to more stringent data management standards
  • There will be a new schedule of fines applicable to companies in breach of GDPR

Kuflink’s Commitment to GDPR

Kuflink welcomes the introduction of GDPR. Our bespoke online platform is provided by the business, located solely in the UK, and utilises hosting facilities also located solely in the UK. All Kuflink employees, whether they are considered a processor or controller, have always and will always take information security seriously, especially with regards to personal data.

Kuflink’s investor community can rest assured that we have fully implemented GDPR compliancy; we continue updating our data processes in order to maintain our systems to comply with GDPR.

What is Kuflink Doing to Prepare for GDPR?

Kuflink has amended its activities, policies and procedures as necessary in order to achieve full GDPR compliance. The ISO27001 certificate has been awarded to Kuflink for its information and security systems that provide the confidence to our investors that their data protection is a priority to us and will continue to refine our approach to information security.

Kuflink has already reviewed our suppliers’ approach to data protection and are continually reviewing our marketing activity. Investors are now able to log in to the platform and choose which communications they wish to receive, in accordance with GDPR requirements.

Kuflink will be maintaining accreditations that demonstrate its commitment to information security, as well as extending our overall approach to cover:

  • Expanded Territorial Reach
  • Accountability/Privacy by Design
  • Data Protection Officer
  • Data Processor Obligations
  • Consent
  • Fair Processing Notices
  • Breach Notification
  • Penalties
  • Notification
  • Data Subjects’ Rights