GDPR Compliance Statement


The following statement conveys Edenred’s commitment to complying with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).


What is the GDPR?

The General Data Protection Regulation (GDPR) came into force on 25th May 2018, it replaced the Data Protection Act 1998 (DPA). Whilst many of the new legislation’s main concepts and principles are aligned with the previous DPA there are new elements and significant enhancements to strengthen and unify data protection for all individuals within the European Union.

What has Edenred (UK Group) done to comply with GDPR

Edenred completed a board level approved GDPR compliance project throughout 2017 and early 2018. This prompted cross-business reviews to identify all areas where changes were required to current policies and procedures to assure GDPR compliance was achieved. We engaged with 3rd party legal data protection experts to ensure the new legislation was interpreted correctly and applied throughout the business. The project established and embed GDPR accountability principals to fully support our commitment to protecting all personal information held by Edenred.

Edenred GDPR key initiatives:

Edenred provide a diverse range of products & services to businesses in the UK. We help organisations engage and motivate their people to achieve enhanced performance. This is achieved through the provision of unique and unrivalled total reward solutions; Employee Benefits, Incentives and Rewards, Expense Management and Communications Services. In addition the business model supporting a product can vary to align with client specific needs. To this end, we completed the following key initiatives which illustrate the scope and thoroughness of our approach.

Key Initiatives:             

  • Edenred Group SA has appointed a Data Protection Officer with global oversight.

  • The Edenred (UK Group) GDPR compliance project was board approved and managed by our Information Security & Compliance Officer.

  • Edenred identified and trained employees with responsibilities for key business areas requiring specialist GDPR knowledge.

  • Edenred closely followed the Information Commissioners Office (ICO) guidelines for implementing GDPR.

  • Edenred conducted Information Audits as recommended by the ICO. This activity enabled us to ensure that only personal information required for service delivery is collected and that such information is properly processed.

  • Edenred conducted 3rd party supplier due diligence updated to accommodate GDPR standards.

  • Edenred revised Client Contracts and Terms & Conditions to incorporate GDPR requirements and ICO recommended GDPR clauses.

  • Where required Edenred made software application and technical changes in support of our GDPR obligations.

  • Edenred have updated our Privacy Policy and related procedures to ensure the provision of Individuals’ Rights conveyed by GDPR.

  • Edenred have updated policies and procedures to promote and embed the ‘data protection by design’ principal.
  • Edenred have provided external GDPR training for all employees to familiarise them with new operating standards and promote key principals of GDPR.