The General Data Protection Regulation (GDPR) is the latest EU data privacy and protection framework. Already passed by all
member states the regulatory requirements set out within the GDPR, and those provisioned within the UK’s Data Protection Bill, will come
into force on the 25th of May 2018.

OUR COMMITMENT

The Lakehouse Group (and all its subsidiary businesses) is committed to compliance for when the GDPR law comes into effect on the 25th of May 2018, this includes building GDPR into current and future contractual commitments. Lakehouse Group GDPR compliance has required the evolution of our current information security management system (ISMS); clarifying, improving and maintaining key data protection and privacy controls.

This journey is an active process and will continue up to and after the enforcement date as the ICO and courts provide additional clarification. Lakehouse Group’s information assurance business, Net Defence, will be responsible for ongoing development and governance of our compliance journey ensuring there is synergy, where possible, across all of the Lakehouse Group businesses.

Crucial efforts have been made in the following areas:

  • Data Privacy: Further understanding the historical and future data we collect, process, hold and share in the context of GDPR. This includes mapping both the data and access as part of our current ISMS while introducing metadata tags regarding legal basis, privacy and, consent
  • Governance and Process: In addition to our current governance, risk and compliance (GRC) strategy the GDPR has provided an opportunity to review and improve processes. We are committed to bringing in both Privacy by Design and Data Privacy Impact Assessments into our current GRC process

Lakehouse Group strives to improve our security, maintaining privacy for the data we hold and ensuring appropriate security across our partners and supply chain. GDPR and wider security compliance are not static operations and we will continue to improve our operational and GRC processes in response to 3rd party audits, changing legislation and the evolving threat landscape.

Our Commitment to Compliance

  • Commitment to meet all regulatory requirements where appropriate, an active process as further clarification is offered by the ICO and courts
  • Build new regulation into current information security management system (ISMS) as part of continued commitment to security and privacy
  • Continue along our journey to achieve compliance for GDPR by 25th of May 2018
  • Plan and prepare to continually improve our policies beyond May 25th 2018
  • Maintain security and privacy of our data and our client’s data to industry standard best practise / applicable laws
  • As data processors we will review all applications within 72 hours
  • We will share your profile with the Hiring Manager within 1 working week
  • If you are unsuccessful in your application, only if your consent has been given, we will keep your CV on file for no longer than 12 months
  • If you do not consent to your data being stored for future vacancies, we will delete within 2 working weeks
  • Lakehouse commit to storing interview notes and data for no longer than 6 months. After this period it will be destroyed

Our Timescale Commitment

  • As data processors we will review all applications within 72 hours
  • We will share your profile with the Hiring Manager within 1 working week
  • If you are unsuccessful in your application, only if your consent has been given, we will keep your CV on file for no longer than 12 months
  • If you do not consent to your data being stored for future vacancies, we will delete within 2 working weeks
  • Lakehouse commit to storing interview notes and data for no longer than 6 months. After this period it will be destroyed

Recruitment Data Journey

Once you have submitted your application, your data will be reviewed by either a member of HR or the Internal Recruitment team. We review every application and do not carry out any form of automated decision making or profiling. If you are shortlisted, your profile will be sent to the Hiring Manager for review. This data will be kept until your interview; after your interview your data will either be stored in a secure location by HR or destroyed.

Your Data

You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or all of it, please: write to us at Lakehouse plc, 1 King George Close, Romford, Essex, RM7 7LS or email DataProtection@lakehouse.co.uk