Our data protection and compliance statement

By May 18, 2018Blog

Chartered Developments want to highlight our ongoing commitment to comply with data protection and reassure our clients that we are proactive in our approach and ethical in our working practices.

In May 2018 the Data Protection Act 1998 (“DPA”) will be replaced by the General Data Protection Regulation  (“GDPR”), which will affect any businesses in the EU that collect, store or use personal data.

“Personal data means data which relate to a living individual who can be identified –

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.”

– Information Commissioner’s Office (ICO)

How we do business under the GDPR

Under the GDPR, there are 6 lawful grounds that can be used for the processing of personal data. Consent is one of those grounds. However, many organisations operating a business to business (B2B) model will rely on other lawful grounds for the processing of personal data, such as ‘legitimate interest’.

‘Legitimate interest’ is defined in the EU GDPR “lawfulness of processing” article 6(1)(f) as:

“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”


The process of defining a ‘legitimate interest’ to ensure compliance can be broken down into a three-part test:

  • Purpose test: are you pursuing a legitimate interest?
  • Necessity test: is the processing necessary for that purpose?
  • Balancing test: do the individual’s interests override the legitimate interest?

A wide range of interests may be legitimate interests. They can be your own interests or the interests of third parties, and commercial interests as well as wider societal benefits.

The use of 3rd party data and data providers

Chartered Developments source data from 3rd party data suppliers who we consider ethical companies and who show a commitment to comply with current data legislation [and we can] provide policy statements for all our suppliers regarding data compliance and legislation.

Our data partners gather data ethically and a full audit trail of their data sources is available.

‘Legitimate interest’ is the grounds we use for the processing of personal data for direct marketing purposes when using 3rd party data.

Compliance with the Privacy and Electronic Communications Regulations

Chartered Developments also ensure we follow guidance as set out by The Privacy and Electronic Communications Regulations (PECR). Chartered Developments provide TPS and CTPS checking on data. All of our calls are scanned at point of dial for TPS and CTPS, and we ensure that all email marketing is provided with unsubscribe options.

PECR will be replaced by the ePrivacy regulation and Chartered Developments will track any changes that may affect us and our clients.

For more information on our data protection and compliance, please contact us.