Getting GDPR ready: Spring Clean your data this week

Important message about our first Group-wide Spring Clean Week ahead of May's GDPR legislation.

Dear colleagues

In May this year new European wide data protection legislation will come into force to regulate what personal data about individuals can be stored by companies in order to protect customers and colleagues alike. The EU General Data Protection Regulation (GDPR) will give people more say over what companies like ours can do with their data, and introduces large fines for non-compliance or data breaches.

We have also produced detailed guides for each market on what data is allowed to be retained and for how long, and what needs to be deleted. You can find out more on HeartBeat.

Ahead of 25 May 2018, when the law comes into effect, you need to make sure that any personal data you hold - either in paper copy or on computers or other electronic storage, that you don't need and are not permitted to hold - is deleted and securely disposed of. This week we are holding our first Group-wide Spring Clean Week (9-13 April) where we’ll be asking you to spend time to deleting or disposing of things such as old CVs, details of colleagues who have left, customer booking details and customer complaints. You can find a list on HeartBeat of everything that needs to be removed or, if you need to keep it, how long you are legally allowed to store it for.

If you are on leave during this week’s Spring Clean don’t worry, just review your systems and files as soon as you return. Purging our data like this will become a regular requirement to ensure we all stay GDPR compliant, and it is essential we all do this first one by the May deadline.

Thank you in advance for all your efforts, I appreciate that this will mean a new way of working but it is necessary to make sure we are legally compliant and to ensure our customers and colleagues are fully protected.

Kind regards

Alice Marsden
Group General Counsel and Company Secretary



  • Follow us