Lawton Tubes
GDPR Policy Statement

April 2018

As a business, we have always taken our responsibilities seriously. That includes our responsibilities with regard to gaining consent for the work we do; consents to hold data; and securely managing the data we have.

Our Quality Management System is ISO 9001 accredited and audited. Our QMS is where our policies and procedures sit in relation to how we store and manage data.

As part of the GDPR process the following has been carried out:

  • Responsibility has been assigned for GDPR in the Senior Management Team.
  • Current Data Protection Policies and Procedures have been audited.
  • The lawful basis of processing data has been checked.
  • Records of data processing activities have been developed.
  • Privacy Impact Assessments (PIAs) have been made.
  • Consents have been reviewed to satisfy the requirements of GDPR.
  • Data Breach Procedures have been put in place.

Our managers are in the process of undergoing GDPR training, and this is being rolled out to our staff, together with clear work instructions regarding matters such as subject access requests, requests for information and procedures for data breaches.

We are working with our supplier base to ensure compliance there.

We use global standard cloud based Microsoft product, and have confidence in there resilience.
We are confident that we will be fully GDPR compliant when the new regulations come into effect in May, and that our data is currently securely managed and protected.

Giles Lawton
Managing Director (Operations)

GDPR Policy Statement