As a provider of IT solutions and services around BMC, we recognise and are committed to maintaining the highest standards of information security.
The scope of information security is broad and we believe we have taken a thorough approach with our commitment to ensuring the confidentiality, integrity and availability of customer, supplier and employee data.
We operate in a highly regulated industry and, in addition to adherence to voluntary codes of conduct, KTSL have a team in place dedicated to monitoring current regulation, assessing compliance and coordinating activities to ensure the company continues to meet its requirements.
Should you have any queries about our approach to information assurance and regulatory compliance please contact our support team at email@example.com.
Commissioners Office (ICO) and maximum penalties for breach of the GDPR can be very high.
What has changed?
Anybody responsible for controlling or processing an individual's personal data will now be required to ensure that there is a lawful reason for collection and processing, that, where relevant, consent is secured, is freely given and is easy to retract, and that only the necessary data is retained and only for as long as it is required.
The sharing of an individual's data is also restricted: further explicit consent is required to use or share it with other parties for any purpose other than the one it was originally collected for, unless other lawful reasons for sharing the data apply, for example to investigate criminal activity or in the best interests of the data subject.
A person will now be able to easily access their personal data and apply to have it corrected, ported, restricted or deleted under qualifying circumstances.
For full details on changes to data protection regulation, please refer to the ICO website, www.ico.org.uk.
Your Legal Rights under GDPR
The right to be informed
Individuals have a right to understand when their personal data is being held and processed, even when this has been obtained indirectly.
The right of access
You can request access to your personal data at any time to be aware of and verify the lawfulness of the processing; this is done via a Subject Access Request (see below).
The right to rectification
Personal data can be easily rectified if inaccurate, incomplete or out of date. This can be done by contacting us via our firstname.lastname@example.org.
The right to erasure
Under qualifying criteria, you can request your data to be deleted where there is no lawful reason for its continued processing. Please refer to the GDPR regulation or ico.org.uk for full details.
The right to restrict processing
Under qualifying criteria, you can request the processing of your data to be restricted. This means your data will still be held but not processed and may apply where information is inaccurate or if there is an objection over the lawfulness of the processing. Please refer to the GDPR regulation or ico.org.uk for full details. Please send your request in writing as per the below instructions.
Where data is restricted, KTSL shall, where possible, also inform any involved third parties of the restriction.
The right to data portability
Individuals can request that personal data be provided for reuse elsewhere and/or moved from one IT environment to another in a secure manner without hindrance. Please send your request in writing as per the below instructions.
The right to object
Where processing of your data is taking place for certain purposes and no legitimate reason exists for this, you have the right to object. Please send your request in writing as per the below instructions.
Rights in relation to automated decision making and profiling
Automated decision making and profiling can only take place where consent or a lawful reason applies. Processors are also required to notify individuals when their data is processed by automated means and to provide information about the processing and the lawful reason for doing so. It should be straightforward for an individual to challenge or request intervention.
What are we doing about it?
Here is a brief overview of our preparations over the last six months:
- We have assigned a Data Protection Officer (DPO) who is part of a core team working on the project. In addition, we have dedicated Information Asset Owners (IAOs) for each of our in-house departments to field queries and provide feedback.
- We have a fully documented project plan and have conducted Data Protection Impact Assessments (DPIAs). These DPIAs help us to understand what personal data is collected and how it is used and stored, and feed into data flow and risk assessments.