The new EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 (including in the UK regardless of its decision to leave the EU) and has impacted every organisation which holds or processes personal data. It introduced new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) which it will supersede.
Citrus Ornge is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards including ISO 27001 and PCI-DSS. The company complied with applicable GDPR regulations when they took effect in 2018, including as a data processor, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services. Our team of experienced digital specialists will also help to support customers in meeting their obligations through the provision of expert services and value-adding solutions.