Compliance

GDPR Compliance

Full compliance with UK GDPR and the Data Protection Act 2018

UK Data Services is fully compliant with UK GDPR and the Data Protection Act 2018.

Our Position

Our GDPR Commitment

  • We collect only publicly available data and establish a clear lawful basis before any personal data is processed
  • Data minimisation is applied to every project — we collect only what is genuinely required for the stated purpose
  • End-to-end encryption is applied to all data in transit and at rest across our infrastructure
  • Full audit trails are maintained for every data collection activity and provided to clients for their own compliance records
  • Our compliance team reviews every project prior to commencement and flags any data protection concerns before work begins
  • We maintain a Data Processing Agreement (DPA) with all clients and provide full documentation of processing activities

The Framework

Six Data Protection Principles

Lawfulness & Transparency

  • Lawful basis identified before processing begins
  • Privacy notices provided to data subjects where required
  • No deceptive or covert data collection methods

Purpose Limitation

  • Data collected only for specified, explicit purposes
  • No further processing incompatible with original purpose
  • Purpose documented in writing for each engagement

Data Minimisation

  • Only data necessary for the purpose is collected
  • Scope reviewed and challenged during project planning
  • Personal data excluded where business data suffices

Accuracy

  • Multi-layer validation applied to all collected data
  • Inaccurate data updated or deleted without delay
  • Quality monitoring throughout collection lifecycle

Storage Limitation

  • Retention schedules defined for every dataset
  • Personal data deleted when no longer required
  • Automated deletion procedures for time-limited data

Integrity & Confidentiality

  • AES-256 encryption for all stored personal data
  • TLS for all data in transit
  • Role-based access controls and regular security audits

Your Rights

Data Subject Rights

Right to be Informed

You have the right to be told how your data is being used, in clear and plain language.

Right of Access

You can request a copy of the personal data we hold about you at any time.

Right to Rectification

You can ask us to correct inaccurate or incomplete personal data without undue delay.

Right to Erasure

You can request deletion of your personal data where there is no compelling reason for continued processing.

Right to Restrict Processing

You can ask us to limit how we use your data in certain circumstances while a dispute is resolved.

Right to Data Portability

You can receive your personal data in a structured, machine-readable format and transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests, including for direct marketing purposes.

Automated Processing Rights

You have rights in relation to automated decision-making and profiling that produces significant effects.

Processing Grounds

Legal Basis for Processing

Contractual Necessity

  • Delivering data services requested by a client
  • Processing project-related communications
  • Managing accounts and invoicing

Legitimate Interest

  • Business intelligence derived from publicly available sources
  • Fraud prevention and security monitoring
  • Service improvement using anonymised analytics

Consent

  • Marketing communications where opted in
  • Analytics cookies on our website
  • Third-party data sharing beyond service delivery

Legal Obligation

  • Retaining financial records as required by HMRC
  • Responding to lawful requests from regulatory authorities
  • Anti-money laundering and fraud prevention obligations

Questions About Compliance?

Our team can discuss your specific data protection requirements and how we approach compliance on your project.