1st July 2017
All data that Curo hosts and processes on behalf of our global client base, is located in ISO 27001 certified UK data centres, and subject to the UK Data Protection Act (1998) which conforms to the existing EU Data Protection Directive currently in force.
The new EU General Data Protection Regulation (EU GDPR) framework becomes legally binding in May 2018. However, post the UK’s referendum vote in June 2016 to leave the EU, will the EU GDPR still cover the data that Curo hosts ? In simple terms, yes. We will still be processing the Personally Identifiable Information (PII) of our clients EU-based employees, and so will be subject to EU GDPR, and therefore the framework will apply to all our data processing activities.
Whatever happens post-Brexit, Curo will continue to apply the highest standards of Data Protection, Security and Privacy. And, if new UK legislation falls short of meeting EU GDPR standards when Article 50 is eventually triggered and the UK eventually leaves the EU, Curo can leverage our flexible hosting model to move to a relevant and appropriate jurisdiction to meet necessary requirements.
For further reading on the impact of the EU GDPR and Brexit, please see this article.