Key Resource adheres to the requirements set out in the EU General Data Protection Regulation 2016/679 (GDPR) of the European Union and Parliament.

GDPR has an enormous impact on companies that use, access, reference, store or process any personal data. EU residents will now have a much greater say and control over what, how, why, where, and when their data is used, stored and also deleted, or removed. GDPR clarifies how the EU personal data laws apply within the EU and globally when related to EU residents.

Any organisation that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data. Key Resource is a recruitment consultancy and holds personal data on our current and former employees and associates, and acts as a data processor of candidates’ data so that we can provide recruitment services to our Clients.

We understand our obligations under GDPR with regards to this data and have put appropriate policies in place to ensure they are met.

These are:

Policies for Data Protection & Retention: Key Resource maintains a set of policies for the storage, protection and retention of data. Along with procedures to address and review enquires by individuals related to the data we hold on them – these policies, and the monitoring thereof, are overseen by the board of Key Resource directors.

Procedures for dealing with data breaches: Key Resource has procedures to respond to data breaches including notifying the appropriate authorities and individuals.

Data Protection Officer: Key Resource has appointed a Data Protection Officer who is responsible for ensuring overall GDPR compliance for all Key Resource’s personal data processing activities.

Staff Awareness: All staff and associates receive mandatory data privacy and protection awareness training on joining and via annual refresher courses.

Data Integrity & Security: Key Resource has a firm commitment to data security, integrity and protection. Key Resource, through its relationship with Keytree is certified to the ISO 27001:2013 Information Security Management System standard to ensure we have appropriate organisational and technical data protection controls in place.

Suppliers: We take appropriate steps to risk assess our suppliers and ensure we have GDPR clauses in all our supplier agreements when required.

For any questions about our GDPR compliance please contact [email protected]

For the purposes of providing Recruitment Services, our approach is as follows:

Legitimate Interest

Key Resource processes your data when it is in our legitimate interests to do this and when these interests are not overridden by your data protection rights.

What sort of data do we collect and retain?

Key Resource retains Personal Information (data) about you to help in the Recruitment process. By applying for an advertised position or in response to a direct enquiry from you we will retain information including your Name, Email Address and home address. Any other information that you freely give and which may constitute sensitive information is not retained.

How is Personal Data used?

Information given freely by yourself when applying for a position or registering an interest with Key Resource is only used for the recruitment process. We will not divulge any information to a prospective employer without first obtaining your consent to approach a prospective employer.

How long is Personal Data retained?

We will retain your data on our secure data base. From time to time we may contact you to confirm your wish to either continue representing you or to confirm deletion of your personal information from our data base.

Where do you keep my CV?

We retain a copy of your CV on our secure database.


We are committed to ensuring that your data is kept secure. In order to prevent unauthorised disclosure we have in place suitable electronic and access control mechanisms as described above.  Also, we hold a valid Cyber Essentials certification.

Deletion of Data on request

You may contact us at any time to request us to remove personal information about you. We will action any request within 48 hours and confirm deletion by email. This can be requested via [email protected] .

How do I know what Information you have retained about me?

You may request us to divulge what information we retain about you. This request should be made in writing and should include the approximate date you registered with us and must be signed by you. We will respond by email within 30 days of receiving you written request. Following your request we will either delete or make appropriate changes to your data if you so wish.  Please write to us at: DPO Office, Key Resource, 114 St Martins Lane, London WC2N 4EA.

How do we send you information?

Following your request for information we will email you and attach a document in PDF format which will be written in clear concise and intelligible English.

Transfer of Data

For the purposes of providing Recruitment services, we may pass your details to our Clients.  We will not do this without prior consent.  We are also committed to ensuing that our Clients operate in accordance with The General Data Protection Regulation (GDPR) 2016/679.

Any policy changes due to revised legislation or business reasons will be published on our Web page.


Personal Data – data which relates to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of Key Resource.

Sensitive Data – personal data consisting of information as to the racial or ethnic origin of the data subject, political opinions, religious beliefs or other beliefs of a similar nature, membership of a trade union, physical or mental health or condition, sexual life, the commission or alleged commission of any offence or any proceedings related to any offence.


Making a subject access request

The General Data Protection Regulation (GDPR) 2016/679 provides you with the right to receive a copy of the data/information Key Resource holds about you or to authorise someone to act on your behalf.

Please contact [email protected] or by post to Data Protection Officer, Key Resource , 114 St Martin’s Lane, London, WC2N 4BE to request to view our policies or to see any data we hold about you or to authorise someone to act on your behalf.