Point of Law – Data Controllers cannot subcontract their responsibilities for the safe management of their data.
If any of the above cannot be satisfied, a full review should be conducted immediately. If you are interested in getting some more information about improving your data security, live chat now and we will be happy to discuss this with you.
Offences/penalties for non-compliance:
For a serious breach of the DPA, the ICO can issue:
A serious breach, deliberate or negligent, is determined based on the volume of personal data and level of sensitivity.
Protecting your confidential business information with Topwood is safe, convenient and cost-effective. It’s also environmentally friendly – all shredded paper and hard drives are recycled.
It is important to bear in mind that the Data Protection Bill was published in Parliament (14.09.17) by Digital Minister Matt Hancock. The EU’s GDPR is fully incorporated into UK law under what will be known as the Data Protection Act 2018 – due to come into effect in May-18.
1.1 Information Topwood holds. Has Topwood conducted an information audit to map data flows and does Topwood document the personal data it holds, where it came from and who it is shared with? Answer: Yes
2.1 Accountability. Has Topwood an appropriate data protection policy? Answer: Yes
2.2 Data Protection Officer (DPO). Has Topwood nominated a data protection officer? Answer: Yes
2.3 Management responsibility. Do the Directors at Topwood demonstrate support for data protection legislation and promote a positive culture of data protection compliance? Answer: Yes
2.4 Information risks and data protection impact assessments. Does Topwood manage information risks in a structured way so that management understands the business impact of personal data related risks and manages them effectively? Answer: Yes
2.5 Data protection by design. Has Topwood the appropriate technical and organisational measures to show data protection is integrated with data processing activities? Answer: Yes
2.6 Training and awareness. Has Topwood provided data protection awareness training for all staff? Answer: Yes
2.7 Data processing contract. Does Topwood only process data on the documented instructions of a data controller, and is there a written contract setting out the respective responsibilities and liabilities of the controller and Topwood? Answer: Yes
2.8 The use of sub-processors. Does Topwood seek the prior written authorisation from the controller before engaging the services of a sub-processor, and is there a contract in place? Answer: Yes
2.9 Operational base. Topwood only operates within the EU.
2.10 Breach notification. Has Topwood the effective processes to identify and report any personal data breaches to its controllers? Answer: Yes
3.1 Right of access. Does Topwood have a process to respond to a controller’s request for information (following an individual’s request to access their personal data)? Answer: Yes
3.2 Right to rectification and data quality. Does Topwood have the processes to ensure that the personal data held is accurate and up to date? Answer: Yes
3.3 Right to erasure, including retention and disposal. Does Topwood have a process to routinely and securely dispose of personal data that is no longer required, in line with agreed timescales as stated in the contract with the controller? Answer: Yes
3.4 Right to restrict processing. Does Topwood have controls to respond to data controllers’ request to suppress the processing of personal data? Answer: Yes
3.5 Right to data portability. Does Topwood have the capability to respond to a request from a controller to supply the personal data it processes in an electronic format? Answer: Yes
4.1 Security policy. Is your information security policy supported by appropriate security measures? Answer: Yes
If you would like to find out more about our secure document scanning, shredding and storage solutions call 0800 781 1066 or request a call back using our call back form.