Framework hub

GDPR

EU / UK ICO

General Data Protection Regulation for organizations handling EU and UK personal data.

Programme aligned

HLD Group maintains policies and controls mapped to this framework as part of our security and compliance programme. This hub describes programme alignment — not a third-party certification or attestation unless separately agreed in your contract.

Programme focus areas

Lawful basis
Data subject rights
DPIAs
Cross-border transfers

Policies meeting this framework

The following published policies and programme documents are mapped to GDPR. Status: published and under periodic review.

Privacy Policy
How personal data is collected, used, stored, and shared.
v2.0 · review every 365 days
Published
Data classification policy
Classification levels and handling requirements for information assets.
v1.3 · review every 365 days
Published
Data retention & disposal policy
Retention schedules and secure destruction of information.
v1.0 · review every 365 days
Published
Data processing & DPA standards
Processor obligations, subprocessors, and data subject rights.
v1.0 · review every 365 days
Published
Breach notification policy
Notifying regulators, customers, and individuals of data breaches.
v1.0 · review every 365 days
Published
Vendor & third-party risk policy
Assessment and ongoing management of suppliers and subprocessors.
v1.4 · review every 365 days
Published
Risk management policy
Identifying, assessing, and treating organizational risks.
v1.5 · review every 365 days
Published

Assurance note

Programme alignment means HLD maintains controls, policies, and monitoring mapped to GDPR requirements appropriate to our services and risk profile. It does not by itself constitute certification, authorization, or a SOC/ISO audit report. Customers requiring formal attestations should contact [email protected].