GDPR Preparation Statement


The following statement addresses Edenred’s commitment to the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).


What is the GDPR?

The General Data Protection Regulation, or GDPR, is due to come into force on 25th May 2018. This will replace the current Data Protection Act 1998 (DPA). Whilst many of the new legislation’s main  concepts and principles are aligned with the current DPA there are new elements and significant enhancements to strengthen and unify data protection for all individuals within the European Union.

What are Edenred (UK Group) doing to prepare?

Edenred have a board level approved GDPR compliance project in progress. This has prompted a cross-business review to identify all areas where changes are required to our current policies and procedures to assure GDPR compliance is achieved. We have been engaging with legal data protection experts to ensure we interpret the new legislation correctly and apply it throughout the business. This project will establish and embed GDPR accountability principals to fully support our commitment to protecting all personal information held by Edenred.

Edenred GDPR Statement & scope considerations:

Edenred provide a diverse range of products & services to businesses in the UK. We help organisations engage and motivate their people to achieve enhanced performance. This is achieved through the provision of unique and unrivalled total reward solutions; Employee Benefits, Incentives and Rewards, Expense Management and Communications Services. In addition the business model supporting a product can vary to align with client specific needs. To this end, our GDPR preparation statement aims to communicate the basis of our approach.

Key Initiatives:

  • Our Parent Company, Edenred Group SA, will be appointing a Data Protection Officer with global oversight in the coming weeks and this appointment will be communicated.
  • The Edenred (UK Group) GDPR compliance project is Board approved and managed by our Information Security & Compliance Officer.
  • Edenred has identified employees with responsibilities for key areas of GDPR specialist knowledge.
  • Edenred are closely following the Information Commissioners Office (ICO) guidelines for implementing GDPR.
  • Edenred are conducting Information Audits as recommended by the ICO. This activity will, in particular, enable Edenred to ensure that only personal information required for service  delivery is collected and that such information properly processed.
  • Where required Edenred will conduct Privacy Impact Assessments.
  • Edenred are conducting 3rd party supplier due diligence updated to accommodate GDPR standards.
  • Edenred are revising our contracts to incorporate the GDPR requirements and ICO recommended GDPR clauses.
  • Where required Edenred will be making software application and technical changes in support of our GDPR obligations.
  • Edenred will be updating our Privacy Policy and related procedures to ensure the provision of Individuals’ Rights conveyed by GDPR for May 25th 2018.
  • Edenred are updating our policies and procedures to promote and embed the ‘data protection by design’ principal.
  • Edenred will be refreshing training for all employees to familiarise them with new operating standards and promote the key principals of GDPR.

Frequently Asked Questions:

Edenred processes employee personal information for over 30,000 clients in the UK. This prohibits, in practice, conducting an efficient 1:1 dialogue with all clients about GDPR implementation. Therefore,  in response to an increasing number of client requests for more detailed information regarding Edenred products and services regarding GDPR compliance, we have started compiling a Frequently Asked Questions repository, which will be published in due course. While we are developing this, please email any question to GDPR-UK@edenred.com.When sending a question please indicate the Edenred product(s) you use and your company name. We will keep this list updated to the 25th May 2018 and beyond.

Further Information

If you require further information regarding Edenred’s GDPR Preparation, Edenred can work with you in more detail to provide you with more information. These requests may be subject to an NDA and may incur a fee depending on scope and size of the information or assistance request.

Download the full, signed  PDF of this statement HERE.