top of page

GDPR Commitment Statement


Last Updated: 16 November 2020


The new EU General Data Protection Regulation (GDPR) came into force on the 25th of May 2018 (including in the UK regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data.

Simply put, data subjects will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed.


Charmaine Brown is committed to achieving compliance with GDPR and we are actively taking steps to ensure that we will be ready for GDPR.

Here is a summary of our progress so far:

Training and Awareness

  • We have board approval and support from the whole business to become compliant

  • We are educating all members of the business about GDPR and the changes that will be required by our business

Data Audit

  • We have conducted an information audit of all areas of our business and services which are likely to be impacted by GDPR

  • We have identified all systems and locations that hold personal data to ensure that we know why we hold it, how we obtained it, how we process it, how we share it and how long we will retain it for

Policy Development

  • We are reviewing and will implement the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR

  • We are reviewing and updating our data related policies, including our Privacy PolicyCookies Policy, Data Retention Policy, Data Protection Policy and Information Security Policy


  • We are revising our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing 

  • their information

Security Measures

  • We are implementing appropriate technical measures and appropriate controls to preserve data integrity and privacy

  • We are implementing appropriate procedures to ensure personal data breaches are detected, reported and investigated effectively

Supplier and Partner Relationships

  • Where relevant, we will be ensuring that our third-party suppliers are complying with GDPR


  • We are documenting our processing activities and will maintain records on our processing activities and our lawful basis for processing data

Individual Rights

  • We are ensuring that our current systems will support the rights of individuals under GDPR, including the requirements around subject access requests

bottom of page