Read the IT Security Policy
Click here to read our IT Security Policy
This document outlines the basic rules with regard to using data, company equipment and the internet to keep our data secure.
It covers things like:
- Where to save your documents
- Using your own devices
- Password guidance
- How long data should be kept for
Data Breach
It's not just dark web hackers and agents from rogue states that commit data breaches. GDPR defines a data breach as:
- Holding out-of-date data
- Unauthorised access
- Loss of data
If you have any concerns that a data breach has happened, let me or your manager know and we will use our Data Breach Response and Notification Procedure document! Luckily we haven't had to use it yet.
DSAR
It's important to know about Data Subject Access Requests. If a data subject requests access to their data then we must respond to their request. We have a DSAR policy but all you really need to know is to pass it on to me. (I won't make you read that policy.)
Lawful basis
As we learned on the previous page, you are only allowed to process data if you have a lawful basis. We use legitimate interest to contact prospective customers and we use consent to collect data from forms on the website.
TASK: Make sure you have a line like this in your email signature if you are contacting prospective customers:
We are processing your data using the lawful basis of either legitimate interest or consent. For more information please refer to our privacy notice. If you wish to unsubscribe from further communication please click here
Audits
It's very possible that a customer will comply with their obligation under GDPR to complete an audit of their sub-processors (us). This, along with data security being paramount to the service we offer and our reputation, is why we take this so seriously.
Do I know these things?
- What passwords I can and can't use?
- What data I should delete and when?
- What to do if I receive a DSAR?
- Where I can save my files and where I can't?
Any questions, ask Simeon!