Surmount Investigations’ GDPR statement.

After a brief period of mild panic whereby half the population considered GDPR to be the new Y2K, the finish line for GDPR compliance has now finally arrived into sight and companies throughout Europe are now all ‘set up’ and in line with the requirements of the new legislation.

For those who are unaware, the General Data Protection Regulation (GDPR) is an EU regulation on data protection and privacy for all individuals. It aims primarily to give control to citizens and residents over their personal data. As per Wikipedia:

“… It was adopted on 14 April 2016 and after a two-year transition period, becomes enforceable on 25 May 2018. The GDPR replaces the 1995 Data Protection Directive. Because the GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable.”

Here at Surmount Investigations we’ve always been completely compliant with the requirements of the Data Protection Act, in line with our obligations to do so having been registered with the ICO (Information Commissioners Officer) to handle confidential data. We’ve never not been transparent in how we lawfully handle the data we process in order to successfully and efficiently facilitate an investigation. So, for the most part, GDPR regulatory requirements don’t change how we deliver any of our services to our clients for the most part.

We’ve always had our Terms of Business publicly displayed on our website but what’s going to change for us going forward off the back of GDPR implementation isn’t just a mild updating of certain strands of said terms – we’re going to make our data retention policies publicly accessible also, along with our privacy policies, and we’re going to change some of the time periods for file retention too.

In the past all of our investigatory, surveillance and security consultancy operations have generated Operational Briefing Files (or ‘Investigation Proposals’) for our staff and operatives to utilise based off the aims and objectives set between Surmount and our client(s) at the outset of engagement for service. These Files/Proposals have always been available to the client(s) upon request alongside the eventual evidential report. From now on, they will be provided to clients from the outset alongside their contract of service as a means of full disclosure.

You’re going to have found some changes to our website over the last few weeks and you’ll see some more over the coming weeks too, with our (updated) Terms of Business and GDPR relevant documentation easily accessible on our site.

Over the coming months we’re also going to be introducing some data security specialists into the Surmount team to accentuate the Security Vulnerability Assessments we deliver to businesses throughout the North East, to ensure we’re giving the most up-to-date and effective guidance to your organisation.