GDPR imposes higher levels of obligations on us in respect of how we store data. Given that the farming unions and NFU Mutual manage our obligations in respect of their clients’ data we need only concern ourselves with data pertaining to our employees and any contractors.
The following policies were drawn up by Databasix Limited, consultants who have assisted the association with our GDPR obligations. One policy is specifically for employees and one is for suppliers. Both policies state that data is not transferred outside of the EEA, however, if the agency is using a 3rd-party software system such as Xero (accounting) or BreatheHR (for employee records) then data is transferred outside of the Europe to the US, therefore the policy will need to be updated to reflect this.