GDPR Policy & Compliance

General Data Protection Regulations 2018


AB2K are committed to the effective and complaint management of the personal data we control. This policy details the leadership commitments the directors and senior management team of AB2K undertake to ensure the highest level of compliance with:

  • Data Protection Act 2018 – Chapter 12 (The Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (S.I. 2019/419)) as amended
  • Data Protection Act 1998 -Chapter 29
  • BS ISO 10012:2017 - Data protection - Specification for personal information management systems PIMS
  • ISO/IEC 27001:2013 - Information Security Management System – Guidelines

Our 6 key management system principle for the processing of personal information:

  • All personal information shall be processed lawfully, fairly and in a transparent manner
  • Shall be collected for specific, explicit and legitimate purposes and processed in accordance with the purpose(s) it is collected. Only.
  • Personal information data shall be limited, relevant and accurate as necessary for the purpose it is collected.
  • Personal information shall be kept up-to-date where required
  • Stored in a format adequate to readily identify the subject for no longer than necessary
  • All personal information shall be processed in a secure manner including unauthorised access controls

To ensure the security of personal data AB2K have invested significant resources in information technology systems:

  • ISO27001 Compliant Information technology infrastructure
  • Cyber Essentials ISO27001 penetration testing of Quattro Group networks
  • Citrix Information technology networks and data management

Our Citrix IT systems eliminate the most common forms of data breach ensuring data cannot be copied, removed or held on personal devices or Company laptops etc. Further levels of device password protection and Citrix password protection provide additional advanced security.

To reinforce our information technology infrastructure the Quattro Group Human Resources Team operate a robust management system compliant with the requirements of ISO10012 - Data protection - Specification for personal information management systems PIMS. This management system is regularly audited in conjunction with our British Standards Institute lead auditor and the Human Resources Team.

Where possible AB2K eliminate paper records however where required GDPR protected records are stored in secure locked cabinets accessible only by the Human Resources Team.

The AB2K PIMS processes include:

  • Data storage, retention, classification and erasure
  • Data processing, communication and transfer
  • Data user access control, access request, access violation & data breach
  • Emergency responses & disaster recovery
  • Training & competence
  • Data Controller Team DBS verification

John                                                    Reviewed By: Melanie Webb
                                                         Date: 30th May 2023  
Managing Director                 Date of Next Review: 30th May 2024 

Latest News