GDPR Policy & Compliance

General Data Protection Regulations 2018

PIMS GDPR Policy

AB2K are committed to the effective and complaint management of the personal data we control. This policy details the leadership commitments the directors and senior management team of AB2K undertake to ensure the highest level of compliance with:

Data Protection Act 2018 – Chapter 12 (The Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (S.I. 2019/419)) as amended
Data Protection Act 1998 -Chapter 29
BS ISO 10012:2017 - Data protection - Specification for personal information management systems PIMS
ISO/IEC 27001:2013 - Information Security Management System – Guidelines

Our 6 key management system principle for the processing of personal information:

All personal information shall be processed lawfully, fairly and in a transparent manner
Shall be collected for specific, explicit and legitimate purposes and processed in accordance with the purpose(s) it is collected. Only.
Personal information data shall be limited, relevant and accurate as necessary for the purpose it is collected.
Personal information shall be kept up-to-date where required
Stored in a format adequate to readily identify the subject for no longer than necessary
All personal information shall be processed in a secure manner including unauthorised access controls

To ensure the security of personal data AB2K have invested significant resources in information technology systems:

ISO27001 Compliant Information technology infrastructure
Cyber Essentials ISO27001 penetration testing of Quattro Group networks
Citrix Information technology networks and data management

Our Citrix IT systems eliminate the most common forms of data breach ensuring data cannot be copied, removed or held on personal devices or Company laptops etc. Further levels of device password protection and Citrix password protection provide additional advanced security.

To reinforce our information technology infrastructure the Quattro Group Human Resources Team operate a robust management system compliant with the requirements of ISO10012 - Data protection - Specification for personal information management systems PIMS. This management system is regularly audited in conjunction with our British Standards Institute lead auditor and the Human Resources Team.

Where possible AB2K eliminate paper records however where required GDPR protected records are stored in secure locked cabinets accessible only by the Human Resources Team.

The AB2K PIMS processes include:

Data storage, retention, classification and erasure
Data processing, communication and transfer
Data user access control, access request, access violation & data breach
Emergency responses & disaster recovery
Training & competence
Data Controller Team DBS verification

John      Reviewed By: Melanie Webb
Murphy,                Date: 30^th May 2023
Managing Director                 Date of Next Review: 30^th May 2024