GDPR STATEMENT

 

SIREC TECHNOLOGIES LTD EU GDPR Policy Summary. Updated 1st May 2018.

SIREC TECHNOLOGIES LTD is a registered company in England and Wales. Registered Number 5604364. Registered Office: FMCB, Hathaway House, Popes Drive, Finchley, London, N3 1QF.

SIREC TECHNOLOGIES LTD supports and fully acknowledges its responsibilities under the EU General Data Protection Regulation (GDPR) which comes into force in May 2018.

 

POLICY SUMMARY

(Full policy statements documentation available from the download links alongside)

The EU GPDR enforces key principles to protect the individual and their personally identifiable information (PII).

Lawful: Any data processing must meet the tests described in GDPR [article 5, clause 1(a)].

Transparent: A clear and concise definition of what data processing will be done.

Fair: All processing carried out must conform with how the processing has been described.

Minimised: Only store the minimum amount of data for the required purpose.

Accurate: Ensure data is accurate.

Limited: Store data no longer than is necessary, and delete data permanently if requested by the subject.

Confidential: Ensure data is held securely and, if stored in “the cloud” it is encrypted by default.

 

The Information Commissioner’s Office (ICO) can audit any organisation to assess whether they are compliant or not. Failure to comply or evidence of gross data breaches can produce a fine of up to 4% of annual turnover or up to 20 million Euro fine.

 

SIREC TECHNOLOGIES LTD has implemented an ongoing process to ensure GDPR compliance since late 2017.

Specifically:

• All staff have undergone training on EU GDPR principles and they have confirmed full understanding what and how data on individuals should be retained.
• Data-mapped all client data retained on behalf of SIREC TECHNOLOGIES LTD.
• All third parties that have access to PII have signed compliance agreement statements.
• We perform a regular data review to identify what data is no longer needed and delete it.