HCI Data Ltd
General Data Protection Regulation
Home Company information Request information Prices Clients Site map Contact us

General Data Protection Regulation

General Data Protection Regulation is usually abbreviated as GDPR.

The General Data Protection Regulation is a EU regulation for the protection of individuals with regard to the processing of personal data. It will become binding in all Members States of the European Union on 25 May 2018.

Privacy and data protection are fundamental rights protected by EU law providing a legal basis to support the rights of data subjects under the GDPR.


Special or Sensitive Personal Data

This includes:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetic data
  • biometric data used to uniquely identify natural persons
  • health data
  • data concerning individuals’ sex life
  • sexual orientation

HCI Data Ltd does not store special or sensitive personal data about its clients.

Records of Processing Activity

Article 30 of GDPR requires controllers have to maintain records of all processing activities. Controllers can be exempted from this obligation when they have no more than 250 employees.

Lawful Basis for Processing

In order to process personal data the Data Controller must have a lawful basis to process the data. A lawful basis will be one (and only one) of:

  • Consent
  • Contract
  • Legal obligation
  • Vital interests
  • Public task
  • Legitimate interests
  • Special category data
  • Criminal offence data

No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend on your purpose and relationship with the individual.

The vast majority of personal data processed by HCI Data Ltd will be on the basis of "contract". This lawful basis is used in order to process someone’s personal data to fulfil contractual obligations to our clients or because a potential client have asked HCI Data Ltd to do something before entering into a contract (e.g. provide a quote).

Privacy and Electronic Communications Regulations

Although not part of GDPR, a "sender will be breaching another set of regulations, the Privacy and Electronic Communications Regulations, which makes it an offence to email someone to ask them for consent to send them marketing by email. Toni Vitale, head of regulation, data and information at law firm Winckworth Sherwood May 2018

Valid XHTML 1.0 Transitional
Last Updated: 25-May-2018
HCI Data Ltd.
HCI Data Ltd is a member of Nominet UK - the UK Internet Names Organisation HCI Data Ltd is a member of the Federation of Small Businesses