The team at Secured IT Ltd has always taken the care of personal data very seriously and understands the importance of its protection. The new more rigorous standards of data management and protection demanded by GDPR are timely and we have welcomed the opportunity to scrutinise all aspects of data processing at the company. We have involved all members of the team in achieving compliance and we have policies and procedures in place.
Information Audit – we have held a company-wide information audit to identify and assess the personal data we hold, where it comes from, how and why it is processed and if and to whom it is disclosed
Policies & Procedures – these have been revised to meet the requirements and standards of the GDPR and relevant data protection laws
Legal Basis for Processing - we have reviewed all processing activities to identify the legal basis for processing and to ensure that each basis is appropriate for the activity it relates to. We now also maintain detailed records of our processing activities, ensuring that our obligations under Article 30 of the GDPR.
Privacy Notice – we have revised our Privacy Notice to comply with the GDPR ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information
Direct Marketing - we have updated our processes for direct marketing and have included clear opt-in mechanisms for marketing subscriptions for private clients. We also have a clear method for opting out included in all subsequent marketing correspondence. All such correspondence with corporate clients includes clear opt out mechanisms
Data Protection Impact Assessments (DPIA) – where we process personal information that is considered high risk, or when we process such information in a new way requiring new tools, full assessments are carried out to comply with the Article 35 requirements of GDPR. These assessments allow us to rate the risk posed by the processing activity and implement mitigating measures to reduce those risks.
Processor Agreements – GDPR compliant Data Processor Agreements are in place with third-parties that process personal information on our behalf. These detail the responsibilities of the third-parties to reach the demands of Article 28 in full.
Special Categories Data - Special category data is only processed where necessary and where we have first identified the appropriate Article 9(2) basis.
We provide easy to access information via our the Privacy Notice on our website to ensure clients are fully informed about the processing of personal data and the rights they hold with respect to that processing.
Secured IT has a suite of security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and we have several layers of security measures. These are under frequent review to confirm we are able to respond appropriately