What is GDPR?

GDPR (General Data Protection Regulation) is increasingly becoming a concern as we traverse the digital age: our personal data can be easily accessed at any time and anywhere in the world.

After Brexit in 2020, the UK was required to create its own GDPR standards (based on the EU’s GDPR) which set out key principles, rights and obligations for processing personal data in 2021.

Read more about GDPR with the Information Commissioner’s Office (ICO)

Over to you, Ketan Dattani…

What are the legal requirements for a business to protect its customers’ and clients’ information?

Here in the UK, under the UK General Data Protection Regulation (UK GDPR), when a business collects personal information, it must provide the applicant with an information notice, also known as a privacy notice or fair processing notice. This notice must set out certain required information, including the purposes for which the data will be processed, the legal bases for processing and the period for which the data will be retained. The business could provide the information notice on its website, and send a link or copy of the notice in correspondence.

At what point would customers’ information be destroyed?

Yes, when the time comes that you no longer need a document or set of documents, you should destroy them, providing that they don’t relate to company information, clients or employees.

Customer information should only be stored for a finite period, although that will differ based on the company and the purpose of the data.

How has Buckingham Futures dealt with the data retention policy over the years?

At Buckingham Futures, we focus on supplying our clients with total satisfaction, confidence, and enthusiasm. We have built reliability and trust with our clients through honesty and integrity, ensuring that their data is being handled sensitively and with confidentiality, and as such our data retention policies have evolved under the law.

What are Buckingham Futures’ data retention policies?

Buckingham Futures are registered with the Information Commissioner’s Office (ICO) and we have a full assurance programme in place, led by senior management, to ensure compliance with GDPR, with business continuity plans in place, tested annually with results reported to senior management.

How do you and your team handle private data?

All of our employees receive mandatory training on policies and procedures for handling confidential health information to ensure compliance with privacy/security requirements.
Our data security policy is compliant with the EU Data Privacy Directive (EU 95/46) and the UK Data Protection Act 1998. We have a programme in place to ensure compliance with GDPR.

Delivering comprehensive environmental health insights requires processing significant quantities of data — including sensitive data. We understand how important it is for clients to be able to rely on their data and trust it is being handled sensitively and with confidentiality in mind.

Our approach to Information Governance includes but is not limited to:

• Ensuring processes and offerings meet all appropriate standards and operate within applicable laws, policies and guidelines, including consent and confidentiality.

• Educating Buckingham Futures employees to understand that privacy and safeguarding of data is a significant part of our corporate culture.

• Working closely with the Information Commissioner’s Office ensuring we are informed of policy changes/challenges.

• Setting clear contractual agreements on responsibilities; we are General Data Protection Regulation (GDPR) compliant.

• Undertaking ethical risk assessments and Data Privacy Impact assessments (following the law, ICO to safeguard against unintended consequences).

Have any cloud outages and major breaches affected the way you store information?

We undertake vendor risk management as part of our procurement processes and regularly review security, policies, audit systems, and revise training for employees to ensure we stay on the leading edge of data protection. Our internal systems are set up such that we can pull the plug on a compromised vendor with minimal impact on the rest of the business.

Lastly, could you provide ‘Five Things Every Business Needs To Know In Order To Properly Store and Protect Their Customers’ Information’?

Five things every business needs to know to properly store and protect its customers’ information are:

1. DATA STORAGE: Under the UK-GDPR, businesses must create a data retention policy to help them manage the way they handle personal information. If they keep sensitive data for too long — even if it’s being held securely and not being misused — they may still be violating the regulation’s requirements.

2. LEGAL REQUIREMENTS: UK-GDPR requires businesses to maintain a Record of Processing Activities (RoPA), covering the ‘legal basis’ for holding personal data, how it is processed and with whom it is shared. Only users that need access should have access.

3. DATA ANALYSIS: The more sensitive the data is, the better you need to protect it, and the more specific you need to be about what you are using it for.

4. USER RIGHTS: These are: right to be informed, right of access, right to rectification, right to erase/to be forgotten, right to restrict processing, right to data portability, right to object and rights with automated decision making and profiling.

5. SYSTEMS: These need to be regularly audited to ensure policies are being followed, and no cases are falling through the cracks.

Ketan Dattani ~ CEO and Founding Owner of Buckingham Futures