Sunrise has always fully committed to our customers’ rights to data protection and privacy, complying with EU and UK regulations. The introduction of GDPR, effective date 25th May 2018, has provided Sunrise with the opportunity to strengthen our data protection commitment in partnership with our customers. We are currently preparing to comply with GDPR both internally and commercially through a GDPR readiness project across Sunrise. As part of our project, Sunrise is ensuring the seven principles of GDPR are embedded across its business processes. Our dedication encompasses the partnerships we have with our customers, to help them comply with GDPR through enhancements to our products, contracts and documentation. What is GDPR? GDPR is underpinned by data protection principles to guide compliance. The seven principles set out in Article 5 of the General Data Protection Regulation are: 1. Lawfulness, fairness and transparency Data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. 2. Purpose limitation Data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. 3. Data minimisation Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. 4. Accuracy Data shall be accurate and, where necessary, kept up to date. 5. Storage limitation Data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. 6. Integrity and confidentiality Data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. 7. Accountability The controller shall be responsible for, and be able to demonstrate compliance with the GDPR. Ensuring Sunrise Readiness