TOOLBOX TALK 01 - GDPR
What is GDPR?
GDPR (the General Data Protection Regulation) is the new data protection regulation that applies from 25th May 2018. It is intended to protect you and your data, and it gives you stronger rights and sets stricter rules than the previous regulation did. You may have received numerous emails or heard about GDPR in the news, but it is important for you to understand what it is and how it affects you.
Codex Services Group Ltd T/as CDX Security will be what is known under GDPR as the 'controller' and 'processor' of the personal data that is provided to us: the controller decides why and how personal data is processed, and the processor carries out that processing.
What is personal data and data processing?
Personal data is any information that relates to a person who can be identified, directly or indirectly, from that information (for example a name, an address, an email address or an employee number). Data processing is anything done with personal data, including receiving, storing, searching, disclosing, forwarding or transmitting it. GDPR requires that every such processing activity is lawful, fair and proportionate.
Why you need to know about GDPR
As an employee at CDX Security you should know that we take data protection very seriously and that your data will be kept and processed as securely as possible. Knowing the new regulation will allow you to understand better how and why your data is collected, processed and protected.
Also, as an employee of CDX Security you may come across personal data that must be processed in accordance with the new regulation. This could be an email, client or customer information, or even a person's address. It is your responsibility as an employee of CDX Security to abide by GDPR.
It is your duty to understand GDPR, both to protect you personally and to protect CDX Security.
What you need to do
Do not give out any personal data on the phone unless you have verified the caller's identity. Check their name, email and correspondence address against what we already hold, but remember that simply knowing these details is not proof of identity, because that is exactly the information someone impersonating a client or colleague is likely to have. If you are unsure, do not disclose anything; take a message and call back on a number already on file.
Do not email spreadsheets of personal data without first checking that the file is protected (for example encrypted or password-protected, with the password sent separately), that it contains only the data the recipient needs, and that the recipient is an appropriate person to receive it.
There is a strong element of judgement involved. Think about whose data it is and how they would feel about it being shared.
Why we need your data
We need your personal data in order to provide you with ongoing organisational updates, client updates, employee updates, funding information and analysis services in line with this overall contract. We will not collect any personal data from you that we do not need in order to provide and oversee this service to you.
What we do with your data
All the personal data we process is processed by our staff in the UK; however, for the purposes of IT hosting and maintenance this information is located on servers within the European Union. No third parties have access to your personal data unless the law allows them to. We have a data protection regime in place to oversee the effective and secure processing of your personal data. More information on this framework can be found on our website and in our policies.
How long we keep your data
We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years, after which time it will be destroyed. Other information we use to keep you informed will be retained until you notify us that you no longer wish to receive that information. More information on our retention schedule can be accessed on request at firstname.lastname@example.org.
What we would also like to do with your data
Your data may be used to provide the best service possible, but it will not under any circumstances be transferred to third parties. We would like to inform you of our updated services; please email us if you would like to receive these updates. Your data is handled only by authorised data handlers within the company and will be held for no longer than is reasonably necessary.
What are your rights
If at any point you believe the information we process about you is incorrect, you can request to see this information and have it corrected or deleted. If you wish to raise a complaint about how we have handled your personal data, you can contact us to have the matter investigated: email email@example.com or phone 0845 125 3505.
If you are not satisfied with our response, or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner's Office: https://ico.org.uk/
Remember: we are the biggest risk. Our systems are reasonably secure, but human error is behind the great majority of data breaches. The take-home message is to make sure that:
Our staff do not give out personal data to an unauthorised person.