GDPR Compliance Statement
New data protection legislation came into force in May 2018. The new law applies to all public bodies, businesses and other organisations that process personal data. This provides a single regulation across the European Union (EU) and places obligations on organisations that operate outside of the EU but provide goods or services to EU citizens.
TCTC has always placed, and always will place, a high importance on data protection.
TCTC acts as:
Data processor for our clients' clinical trial data
Data controller of our client and supplier contact information
Data controller for the personnel information of our employees
We view GDPR as a constant programme of works that will require continuous monitoring, management and improvement.
Our main activities:
Data Impact Assessments & Data Inventory
Website Privacy Notice
GDPR training & awareness
Supplier & Partner relationships
We have undertaken a review of the data we store, manage, maintain, collect, process and control. This includes offline storage and paper records. Assessments of the data have included information flow, any data transfers, risk reviews, and structural position in relation to Lawfulness, Purpose, Minimisation, Accuracy, Consent, Limitation, Integrity & Confidentiality, Record Keeping and Accountability.
All new clients sign a GDPR-ready Master Service Agreement, and GDPR-ready Data Processing Agreements are available for all existing contracts.
We have reviewed all our existing policies, SOPs, templates and record sheets for GDPR compliance. We have created further policies to ensure GDPR compliance.
The TCTC privacy notice has been updated to ensure GDPR compliance.
Internal staff briefings and training have been carried out and senior management are aware of their corporate responsibilities.
Where required, GDPR supplier agreements are being completed to ensure that our third parties and suppliers are complying with the GDPR.
We are reviewing our technology platforms to analyse their operation, security and compliance, in order to ensure that they meet the standards we have laid down and to identify any gaps and risks.
A DPO has been appointed and can be contacted via email firstname.lastname@example.org