Skip to main content

GDPR Compliance Statement

Data Protection Officer: Soo Slade

The new EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 (including the UK regardless of its decision to leave the EU) and impacts every organisation which holds or processes personal data. It introduced new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) which it supersedes.

Spoon Behavioural Communications is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards. We have complied with applicable GDPR regulations since they took effect in 2018, including collection of data, while also working closely with our clients and partners to meet contractual obligations for our procedures, products and services.

All of our staff and contractors are familiar with GDPR and their personal responsibilities. You are welcome to see our policy. Please request via our contact us page.

All staff are trained on induction and every two years (or sooner if there is a major change in legislation).

We have a privacy policy which outlines our process for erasing your details from our system. If you wish to be erased, please refer to our privacy policy on our website and follow the instructions or contact us at

Our privacy notice informs people what we do with their personal data and this is saved on our website.

No personal data is transferred outside of the EU

When processing data we undertake the following actions:

  • The processing is lawful, fair and transparent
  • We are transparent about what the data is being used for
  • Data is collected for a specific purpose
  • The data is necessary for the purpose
  • The data must be accurate and kept up to date
  • Data is not kept for longer than necessary
  • The data is kept safe and secure

We do not process sensitive information directly. We may process information on behalf of a client if they request it. This would be subject to strict privacy controls. For our policy on this, please contact the Data Protection Officer.

All storage is secure and our partners and suppliers have GDPR procedures in place.

We have a notification process in place for any breach.