To adhere to the GDPR requirement that a data controller must appoint the processor in the form of a binding written agreement, with the personal data processed (including the activities of any sub-processors) only on documented instructions from the controller or the requirements of EU law or the national laws of Member States, we will be reviewing all our agreements with our customers to ensure compliance. This will ensure that relevant wording is in place to cover aspects such as the duration, nature and purpose of the processing, the types of data processed and the obligations and rights of the controller. It will also, where applicable, cover cross-border transfers and the use of any sub-processors.
Holly Social Limited continually seeks to ensure the confidentiality, integrity and availability of the personal data we store or process. We maintain appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access.
In demonstration of this, we have processes compliant with the following standards:
- ISO 9001:2015 certification for Quality Management Systems
- ISO 27001:2013 certification for Information Security Management Systems
- PCI-DSS Version 3 certification for handling payment card data
- BS EN 15713:2009 compliance for Secure destruction of confidential material
- Bcrypt for encryption
Under the GDPR, we must notify any data breach to the ICO within 72 hours of discovering the breach. Holly Social Limited therefore has processes and procedures in place for identifying, reviewing and promptly reporting data breaches to the ICO.
We would provide the controller with:
- A description of the nature of the breach
- Contact details of the responsible person within the company
- Likely consequences of the breach
- Proposed and imposed measures that were taken to limit harmful effects
We would stress again that we have comprehensive technical and organisational security measures in place to mitigate against a data breach.
Authorised users may view our procedures for identifying, preventing and reporting data breaches.
Under the GDPR there are significant enhancements to the rights that individuals enjoy with regard to their personal data. Holly Social Limited can work with customers for whom we hold or process personal data in order to determine how best to facilitate:
- Handling Data Subject Access Requests
- Rectification of personal data
- The application of retention periods and the secure erasure / destruction of personal data
- Responding to data portability requests, providing the data in a structured, commonly used and machine-readable format