CREST GDPR Compliance Statement

CREST (International) (hereafter referred to as CREST) is a registered company in England and Wales under number 09805375.  Our registered office is Abbey House, 18-24 Stoke Road, Slough, Berkshire SL2 5AG, UK.

CREST (International) is registered with the Information Commissioner’s Office (ICO) under number ZA229721 for the processing of data.

CREST (International), which includes CREST (GB) and other CREST Chapters, embraces the General Data Protection Regulation (GDPR) which comes into force in EU Member states from 25 May 2018.  The UK Government has confirmed that the UK’s departure from the European Union will not affect the commencement of the GDPR in May 2018 although there may be adjustments to its application once the UK has left the EU.  The GDPR applies to processing of data carried out by organisations operating within the EU and it also applies to organisations outside the EU that offer goods or services to individuals in the EU.

The GDPR put into practice eight rights for individuals which are:

To process personal data, organisations must have a lawful basis for doing so.

There is no GDPR Compliance Certificate.  The ICO can audit any organisation to assess whether they are compliant or not.  Failure to comply or evidence of gross data breaches can produce a fine of up to 4% of annual turnover or up to €20m fine.

This data protection statement ensures that CREST:

CREST places high importance on information security, privacy and transparency and will comply with the GDPR as a processor and controller of data.  We have been engaged in a programme of development to deliver the requirements of this legislation.

CREST has:

You can view our Privacy Policy at