GDPR Statement

Since its inception on 25 May 2018,  Virtalent has been fully compliant with GDPR regulations.

GDPR was designed to ensure the security and protection of any personal data, to provide a compliant and consistent approach to data protection, giving individuals greater control over the handling of their personal data.

We have put together a GDPR statement which outlines the important steps taken at Virtalent to ensure that we are compliant.  It’s important that you understand how this compliance affects our relationship with you, as a client.  We’d encourage you to read through the statement, which is provided for informational purposes only.

Our Commitment

At Virtalent, we take the protection and privacy of data very seriously.  As such, the following principles have been adopted to ensure full compliance:

  • Ensure all personal information is kept no longer than necessary, kept up to date (where practicable) and is only processed for specified lawful purposes.
  • Ensure our portal facilitates GDPR compliance and is fully secure.
  • Keep our internal team and Virtual Assistants informed and updated of any changes in GDPR regulation. 
  • All internal staff receive full GDPR training and regular refreshers.
  • Ensure all Virtual Assistants have signed a Data Protection Agreement, ensuring compliance. The DPA states that our VAs are Data Processors and clearly outlines their responsibilities in this regard.
  • Maintain registration with the Information Commissioner’s Office (ICO) to guarantee data protection best practices.
  • Remain dedicated to ensuring that GDPR and the protection of your data remains at the forefront, in all relevant areas of the business.

What You Need To Do

Ultimately, it is your responsibility to ensure you take full responsibility in ensuring that your business remains fully compliant with GDPR legislation.

As such, you will need to seek your own professional guidance in this regard.  However, you might find the ICO’s guide for small businesses a useful tool.

It is your responsibility to inform any data subjects of your business, should you decide to share their personal data or and provide access to your Virtual Assistant..  This may require obtaining explicit consent, where required.

To summarise, your obligations include, but aren’t limited to:

  • Provide your Virtual Assistant with clear processes and procedures in relation to how they process data for your business.
  • Ensure that any data shared with your Virtual Assistant is done in a way that ensures GDPR compliance.
  • Work with your Virtual Assistant to ensure that any records are kept up to date.
  • Make sure that you are happy that your Virtual Assistant is GDPR compliant and meets all of your business requirements, in this regard.
  • Never ask your Virtual Assistant to contravene GDPR regulations.
  • Ensure your Virtual Assistant is provided with clear instructions on when to delete data.
  • Be mindful of only sharing data with your Virtual Assistant, as strictly necessary.
  • Remain accountable for your own GDPR compliance.

Relevant Policies

The following policies have all been updated to be compliant with GDPR requirements:

Privacy Policy

Terms & Conditions

The agreements we hold with our team of Virtual Assistants includes a thorough contract and a separate Data Processing Agreement.