Your browser does not support JavaScript!

The new EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 (including in the UK regardless of its decision to leave the EU) and had an impact on every organisation which holds or processes personal data. It introduced new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the previous Data Protection Act (DPA) which has been replaced.

Truss UK is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards. The company will comply with applicable GDPR regulations which took effect in 2018, including as a data processor, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services.

The company's main area of focus for GDPR overseen by an internal cross-functional team to continue building on existing security and business continuity management systems and certifications to ensure our compliance.


We have in place a multidisciplinary project team which, informed by a GDPR gap analysis assessment and specialist advice, has the following priorities:

  • Modify and fine tune our existing management systems, processes and policies to ensure we are GDPR compliant.
  • Data review - an extensive review of all personal data we hold, we prepare a detailed road-map which outlines where this data is held, why we hold it and how long for.
  • Process updates - updates to our procedures to ensure we have the tools to maintain compliance with GDPR. This included the appointment of a new Data Protection Officer, and a review of our policies such as data security and incident response plans.
  • Review of consents - review existing marketing practices, and associated consents, ensuring they are transparent, fair and comply with GDPR.
  • Ensure all employees are fully aware of the obligations GDPR has, and sure that there is accountability and shared responsibility for ensuring compliance from our directors and throughout the company.
  • Contractual updates - an analysis of third parties who process data on pour behalf, and updates to our contractual positions ensuring that we (and our customers) are protected as best as possible. In addition to this, we have updated business terms and conditions to give our customers the assurances required under GDPR.
  • Improved subject access - updated subject access request processes to ensure that it is easier and quicker for data subjects to exercise their rights.


questions, comments and requests regarding this GDPR statement are welcomed and should be addressed to:

Truss UK
29 Tarran Way East
Tarran Industrial Estate
CH46 4TZ

or emailed to