To comply with GDPR, PAV i.t. services LTD has carried out the following approach
PAV ensures that their processes, activities and contracts are designed to allow Pav and its
customers to comply with GDPR. PAV does not explicitly meet the requirements as defined by GDPR
Article 37 to require a Data Protection Officer (DPO) however due to our services being delivered
under ISO 27001:2013 and IG Toolkit the mechanisms and processes are closely aligned so a DPO has
been appointed. The DPO has responsibility for PAV’s GDPR compliance.
PAV are continually building on their comprehensive existing security and Information Security
Management Systems (ISMS) to ensure they have robust procedures to underpin the requirements
of GDPR and other applicable legislation.
Data classification and data lifecycles within PAV will ensure that we manage our data to comply
with GDPR and as well as other current applicable laws and regulations.
PAV’s full GDPR statement can be downloaded here.
PAV has also carried out a legitimate interest assessment in order to process its personal data relating to decision makers and budget holders in small to medium sized organisations in the UK. The full assessment is available here.