Your browser does not support JavaScript!

The new EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 (including in the UK regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data. It will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) which it will supersede.

Hoist UK is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards. The company will comply with applicable GDPR regulations when they take effect in 2018, including as a data processor, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services.

The company’s main area of focus in preparing for GDPR overseen by an internal cross-functional team to continue building on existing security and business continuity management systems and certifications, including ISO 9001 to ensure our compliance.


Hoist UK has a robust ISO-based Management System (ISMS) and to ensure compliance we will implement additional company-wide controls to meet GDPR requirements.

We have in place a multidisciplinary project team which, informed by a GDPR gap analysis assessment and specialist advice, has the following priorities:

  • Modify and fine tune our existing management systems, processes and policies (including ISO 9001) to ensure that we are GDPR compliant.
  • Data review – an extensive review of all personal data we hold, as we prepare a detailed road-map which outlines where this data is held, why we hold it and for how long.
  • Process updates – updates to our existing procedures to ensure we have the tools to maintain compliance with GDPR. This includes the appointment of a new Data Protection Officer, and a review of our existing policies such as our data security and incident response plans.
  • Review of consents – review of our existing marketing practices, and associated consents, to ensure that these are transparent, fair and GDPR-ready.
  • Ensure that our employees are fully aware of the new obligations that GDPR will introduce, and sure that there is accountability and shared responsibility for ensuring compliance from our directors and throughout the company.
  • Contractual updates – a full-scale analysis of third parties who process data on our behalf, and updates to our contractual positions to ensure what we (and our customers) are protected as best as is possible. In addition to this, we are updating our current business terms and conditions to give our customers the assurances required under GDPR.
  • Improved subject access – updated subject access request processes to ensure that it is easier and quicker for data subjects to exercise their rights.


Questions, comments and requests regarding this GDPR statement are welcomed and should be addressed to:

Hoist UK
21 Tarran Way North
Tarran Way Industrial Estate
CH46 4UA

Or emailed to