At Bureau Certification, we take our data protection responsibilities very seriously. We have taken all necessary steps to rigorously adhere to the EU General Data Protection Regulation (known as the GDPR).

Bureau Certification is a controller over the personal information we use to deliver professional certification and training services. This is because we make our own independent decisions about what personal information we need to deliver these services, and we decide what happens to this information.

In particular, we decide how personal information is used in delivering audits and when deciding upon certification by the standards imposed by Accreditation and Regulatory Bodies.

More information about how Bureau Certification uses personal information in its role as a controller is available in our Privacy Notice.

In addition to updating our Privacy Notice, we have also taken the following steps to achieve compliance with the GDPR:

• We have conducted an internal audit of our use of personal information, to better understand our data flows and assess our legal basis for using personal information

• We have reviewed our existing processes and procedures for handling personal information

• We have updated our information security systems

• We have trained all members of staff on data protection and GDPR