General Data Protection Regulation - policy
Protection of personal data is a significant issue as many organisations hold and process important information on their clients and customers. Loss of this data can put the data-holder/controller at risk of non-compliance with the General Data Protection Regulation 2016 should they be found not to have taken appropriate measures to protect the personal data they hold.
Enterprise Made Simple Ltd will back up and restore information to ensure client and customer confidentiality and compliance.
The area of the Data Protection Act which is most appropriate to our products is the 7th Principle which states:
“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
Precautions against burglary, fire or natural disaster.
In the event of a burglary, fire or natural disaster, all data held by the customer from the previous backup is secured at offsite data centres ready for immediate restore. Our clients can be confident that we can demonstrate that we have taken appropriate steps to ensure the safety and restoration of data under these circumstances.
Backup Copies and Data Validity
Customer information is backed up daily and automatically. We can demonstrate that there is a secure system of backup and restore.
Separation of Data Files
The data is backed up and held securely offsite at two high-security data centres. We can demonstrate that we have taken appropriate measures to ensure the security of the backed-up data.
Protection against corruption by viruses or other forms of intrusion.
The backed-up data is encrypted and password protected and therefore not accessible to unauthorised parties. In the event of exposure to viruses, the previously backed-up data is available for immediate restore.
Access to backed-up data is password protected; therefore audit trails of access are defined and individuals who have accessed the data are readily identified.
Data Controllers' Seventh Principle Obligations.
Non-compliance with the act may have serious consequences for the data controller, possibly leading to compensation claims in the event of unauthorised access to, loss of or damage to personal data.
“An individual who suffers damage by reason of any contravention by a data controller of any of the requirements of this Act is entitled to compensation from the data controller for that damage”.
The General Data Protection Regulation 2016 is wide-ranging and comprehensive legislation covering many aspects of data management. EMS cannot in itself ensure compliance. It can, however, ease customers' concerns in this area and offer assistance in complying with the security aspects of the act.
The act in full can be found at http://www.dataprotection.gov.uk/