On 25 May 2018, the EU General Data Protection Regulation (GDPR) came into force, reflecting the importance of data protection in our increasingly digital world. Hilljet Construction is a UK Based organisation and for us it is important that the personal information of our customers and our own people is handled in accordance with GDPR.


The new regulation replaces the existing patchwork of directives and national legislation and brings a degree of long-anticipated consistency to the data protection landscape in Europe. This is setting the benchmark for other regions and many countries are following suit with equivalent arrangements. GDPR embodies the well-recognized privacy principles of transparency, fairness, and accountability. 

GDPR also seeks to introduce a risk-based approach that enables innovation and participation in the global digital

economy while respecting individual rights.


In our view, the digital economy can only flourish when you connect people, process, information and devices in an ethical, meaningful and secure way. That includes creating an environment in which everyone can easily do business and know their data is safeguarded. We are committed to helping our customers and partners by protecting and respecting personal data, no matter where it is from or where it flows.





Integrating data protection, privacy, and security requirements into product design and development methodologies. Embedding privacy requirements in the development cycle from ideation to launch, to validation. In short, we use privacy engineering techniques to evaluate and build better offerings to turn privacy by design policies into actions and tangible improvements.




Ensuring that Hilljet Construction valued partners and suppliers are best able to meet their obligations with respect to data privacy and establishing transparent arrangements through appropriate information sharing agreements. When we work with new suppliers or with long established strategic partners we look to apply industry leading standards that safeguard personal information.




Reviewing standards and processes to define the personal information lifecycle and help ensure data transparency, accuracy, accessibility, completeness, security, and consistency. Our Privacy Policy reflecting GDPR requirements sets the context for how we obtain,

store and use information relating to our customers and our own people.




Reviewing and improving our enterprise-wide information security framework, ensuring that incident response process remains effective and that confidentiality, integrity and availability of personal information is assured through appropriate technical and organisational measures




Mapping our data and identifying what we have, what we are doing with it, where it is, where it flows, and who has access to it. We classify data based on risk and sensitivity in context. That risk is data-led/ person-led allowing us to focus on the outcome and purpose of processing leads to a better and more holistic risk profile and informs the commitment of data privacy that we make to our customers.




As controllers we are responsible for complying with the relevant requirements under the General Data Protection Regulation (“GDPR”) in respect of the personal data that we hold in connection with the contractual relationship.


As part of our GDPR Readiness activities and as required by the regulations we are updating our analysis of processing activities as part of our continuous review of how personal information is handled across our business operations, products and services.

tel. 01733 475539