- 01206 805405
We provided GDPR training and Cyber Security training to all members of staff, who have each received certificates confirming their knowledge and understanding of the changes to legislation. All of our employees sign User Agreements that bind them to our policies. We are also shortly going to be introducing additional screening checks for new employees. Our existing staff will also be subject to these checks for additional reassurance.
STRICT INTERNAL SECURITY PROTOCOL
We enforce a strict password policy (access to TVAS secured by a separate password to login), lock screen timeouts, locked filing cabinets with keys secured in separate key safes depending on the area of business. There are office entry controls and separate secure access to the Server room. We have a secure firewall, that has been externally tested for penetration as part of our Cyber Security Plus accreditation, and non-removeable anti-virus and malware detection software installed on each PC, Tablet and Laptop. PCs, etc are locked down so that USB and CD/DVD storage is not accessible by staff.
SECURE SERVERS AND DATA BACKUP
We use Microsoft Azure services and a local server for providing our services. Backups of data occurs daily to local media and to google servers and these are encrypted. All Microsoft Azure and Google servers used for data storage are in European data centres.
PAPER RECORDS DESTROYED SECURELY
All of our paper files containing member information received as part of our data collection process is destroyed within 3 months of the report being completed/cancelled and is securely destroyed onsite by DataShredders Ltd. DataShredders also provide us with secure disposal of all electronic devices and hold the following accreditation – Information Destruction BS EN 15713 : 2009.
Please visit their website for additional information.
GDPR AND OUR SOFTWARE/SERVICES
As we have separate elements to the business (Transvas Profiler software, Transfer Bureau and Bulk Projects services), GDPR is affecting these areas in different ways. We have therefore created sub sections within this page to provide more information - see the associated entry on the right hand side of this page.
BREACH REPORTING PROCEDURE
Should you identify a data breach you can download a copy of our Breach Report Procedure by clicking HERE.
Should a member wish to receive any information we currently hold on them, please contact GDPR@ompensions.co.uk or 01206 805405 and we will arrange to issue the relevant forms to the member for completion.
ICO Ref: ZA061741