The General Data Protection Regulation (GDPR) will come into force on 25 May 2018 and will govern how companies like Sanctuary collect, store, use and share your personal information (data).

The GDPR will replace the Data Protection Act 1998 and will require all companies to be open and transparent with people they interact with (also known as data subjects).

Under the new regulation, individuals will have stronger rights and greater control over their data. This means that you have the right to be informed about how and why your personal information is being used.

How is Sanctuary preparing for GDPR?

Sanctuary has been preparing for the new regulation since spring 2017. As part of these preparations we have:

  • Mapped our processes to understand where and why we collect personal data;
  • Reviewed our arrangements with suppliers and partners;
  • Checked our systems to ensure that they are compliant
  • Reviewed how we currently inform our customers of how their personal data is used; and
  • Trained staff across all of our operations.

Where required we have developed new data protection practices to ensure fairness and transparency in relation to personal data.

Under the new regulation, you have the right to:

  • be informed about why we are collecting your personal data and how it will be used;
  • request the information we hold on you;
  • withdraw consent. Where we process your personal data on the basis of your consent, you can withdraw your consent at any time meaning we have to stop using the relevant personal data;
  • to be ‘forgotten’; this means you can ask us to delete data we have collected and used on the basis of your consent where this data is no longer necessary for the purpose for which it was collected.

Any questions?

If you have any questions, please email