We have made changes to ensure that we are compliant with new data protection regime, the General Data Protection Regulation (“GDPR”), that came into force on 25 May 2018.

What have we done?

We have been working with data privacy specialist lawyers Clayden Law (

We have appointed a Compliance Manager and provide all the necessary in-house training to employees.

We have mapped our data processes and have made changes to ensure we are GDPR compliant, including:

  • We have ensured that we have the correct lawful basis for the collection of personal data
  • We have reviewed all our retention policies and amended where required to ensure they are appropriate
  • We have enhanced our record-keeping practices to ensure we can demonstrate accountability for compliance
  • We have made sure that any third parties that are storing or otherwise handling personal data on our behalf or to whom we transfer personal data have appropriate safeguards to ensure GDPR compliance. We have achieved this through (where appropriate) questionnaires, audits and enhanced contractual provisions or agreements
  • We have made further improvements to our security policy to ensure all the data we store is as secure as possible

We have udpated our current policies/documentation and processes and introduced new policies/documentation and processes, including:

  • Website & Customer Privacy Notice, Privacy Notice for Suppliers & Privacy Notice for Consultants
  • Terms & Conditions
  • Data Protection Policy
  • Data Map
  • Third Party Data Processor Due Diligence Questionnaires
  • Third Party Data Processing Agreements
  • Retention Policy
  • Individual Rights Policy & Data Subject Access Requests Procedures
  • Privacy Impact Assessments
  • Personal Data Breach Notification Policy
  • Security Policy

The above information is provided for guidance only and does not constitute legal advice or otherwise create any legal liabilities or obligation on Tomorrow’s Guides Ltd.

If you have any queries, please email