Data Protection Statement from Enable2 CIC
What is the GDPR?
The General Data Protection Regulation is European legislation that will improve the way data is protected across Europe.
The regulation comes into force on 25th May 2018 but as the Data Protection Act 1998 has been in force for 20 years, this new legislation only enhances and updates the practices already followed and brings data protection and security into line with advancing technology.
GDPR law will be applicable to all organisations in the UK regardless of the UK leaving the European Union.
Please see the Information Commissioner’s Website which will provide all the information needed on GDPR: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
What steps are we taking?
Enable2 is fully committed to protecting personal data and respecting the privacy of individuals and their information, whether we are the controller or the processor of the data. In addition to this we intend to be open and transparent in our dealings with data and acknowledge our accountability in all areas of GDPR.
The responsibility of compliance is not taken lightly and Enable2 are introducing a number of additional standards which will mean that information, data, records and documents held within our premises and systems are secure and safe from any privacy risks. For example:
· Enable2 holds ISO9001 certification and its Quality management System and processes are independently audited annually. ISO9001 ensures records management good practice.
· Enable2 is working towards IASME and Cyber Essentials Plus accreditation which is an Information Security Standard set by the government.
· Enable2 has completed the NHS Digital Data Security and Protection Toolkit which provides confidence in our security and data protection practices to NHS and health organisations.
· We are checking that third parties working with Enable2 are GDPR compliant, working towards GDPR compliance or follow requisite industry standards and making sure contracts are in order so you can have confidence in us and our extended offerings,
Please keep checking back to our website as we progress through the stages of GDPR compliance and the additional certifications which will be coming soon.
Individual rights
Enable2 recognise the need to allow individuals to invoke their rights in respect of data and privacy. Please see the following list of rights that can be requested from Enable2:
- The right to object
- The right to restrict processing
- The right to erasure
- The right to be informed
- The right of access
- The right rectification
- The right to data portability
- Rights in relation to automated decision making and profiling
If you would like to invoke any of these rights, please put your request in writing to:
Liz Weatherill
Enable2 CIC
34 Westgate
Shipley
Bradford
BD18 3QX
If you need to speak to a member of staff, please call 0333 220 1717.
Reporting Data Breaches
Enable2 has undertaken a risk assessment that identifies potential risks and where necessary is implementing enhanced security measures to avoid data breaches.
In the unlikely event that a data breach occurs, and this is the responsibility of Enable2 or any related party, this needs to be reported to us immediately.
In the first instance Enable2 will look to secure the data and ensure that no further breaches are possible. In parallel an investigation will take place and based on guidance from the ICO, a decision will be made whether the breach needs to be reported to other related authorities.
Again, to report a breach, please get in touch using one of the following methods:
Email:
Postal address:
Enable2 CIC
34 Westgate
Shipley
Bradford
BD18 3QX
Telephone:
If you need to speak to a member of staff, please call 0333 220 1717.