General Data Protection Regulation (GDPR) Center

The European Union’s General Data Protection Regulation (GDPR) protects European Union data subjects’ fundamental right to privacy and the protection of personal data. It introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance.

How is UTC Hub tackling GDPR?

Data privacy and safeguarding is our number one priority and is our first consideration when developing new features for UTC Hub. This article explains the steps we have already taken and are taking to become GDPR compliant. We have initiated and/or completed several projects focusing on the processing of customers’ personal data. These projects include, but are not limited to:

  • Undertaking a Data Protection Impact Assessment (DPIA) and GDPR readiness assessment.
  • Creating a record of all personal data processing activities.
  • Obtaining, documenting and maintaining a legal basis for each processing activity that we carry out.
  • Verifying the GDPR readiness of our 3rd party vendors and making sure they are compliant (please see Privacy Policy – “Who Else Has Access to your Data” for details of the partners that we work with).
  • Creating a procedure for notifying third parties when customer data needs to be deleted.
  • Creating policies and procedures to respond to data rights requests.
  • Appointing a Data Protection Officer.
  • Introducing more data notices throughout the platform informing users who their data will be visible to.
  • Ensuring that all personally identifiable data is encrypted at rest and in flight.
  • Updating our Privacy Policy to be reader-friendly and easy to understand for young people.
  • Adding a Data Protection Agreement (DPA) to our Terms of Use.
  • Requesting that users logging into UTC Hub agree to updated Terms of Use and Privacy Policy (new users agree to these policies on sign-up).
  • Adding the ability for website visitors to opt in or out to cookies that we use, such as Google Analytics.
  • Producing a public version of our internal security policy to explain how your data is kept safe.
  • Putting in place a Breach Notification Plan.
  • All UTC Hub employees are DBS checked and go through safeguarding training. Access to data is strictly limited to employees that require it.

Upcoming projects include:

  • Upgrading monitoring systems to track, limit and log all data access by UTC Hub employees.
  • Scrubbing all log files of personally identifiable information.
  • Organising survey to assess how easy to understand our new privacy policy is for different age groups.
  • Carrying out extensive penetration tests to highlight and resolve any vulnerabilities.
  • Setting up an intrusion detection system across our databases to monitor for malicious activity.
  • Completing external, independent review of our data protection and safeguarding processes.

All future development of new modules and features for UTC Hub will be preceded by a Data Protection Impact Assessment (DPIA).

We will continue to update you as and when these projects have been completed. Please feel free to refer back to this article and be sure to look out for in-app messages and email communication.

If you have any questions please contact the team on 0203 637 7160 or at