Data Protection Statement from Enable2 CIC

What is the GDPR?

The General Data Protection Regulation is European legislation that will improve the way data is protected across Europe.

The regulation comes into force on 25th May 2018, but as the Data Protection Act 1998 has been in force for 20 years, this new legislation only enhances and updates the practices already followed and brings data protection and security into line with advancing technology.

GDPR law will be applicable to all organisations in the UK regardless of the UK leaving the European Union.

Please see the Information Commissioner’s website, which provides all the information needed on GDPR: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

What steps are we taking?

Enable2 is fully committed to protecting personal data and respecting the privacy of individuals and their information, whether we are the controller or the processor of the data. In addition to this, we intend to be open and transparent in our dealings with data and acknowledge our accountability in all areas of GDPR.

The responsibility of compliance is not taken lightly and Enable2 are introducing a number of additional standards which will mean that information, data, records and documents held within our premises and systems are secure and safe from any privacy risks. For example:

· Enable2 holds ISO9001 certification and its Quality Management System and processes are independently audited annually. ISO9001 ensures records management good practice.

· Enable2 is working towards IASME and Cyber Essentials Plus accreditation, which is an Information Security Standard set by the government.

· Enable2 will be completing the NHS Digital Data Security and Protection Toolkit, which provides confidence in our security and data protection practices to NHS and health organisations.

· Enable2 is joining the Health and Social Care Network (HSCN) provided by NHS Digital. This network offers ‘a reliable efficient and flexible way to access and exchange electronic information’.

· We are checking that third parties working with Enable2 are GDPR compliant, working towards GDPR compliance or follow requisite industry standards, and making sure contracts are in order, so you can have confidence in us and our extended offerings.

Please keep checking back to our website as we progress through the stages of GDPR compliance and the additional certifications which will be coming soon.

Individual rights

Enable2 recognise the need to allow individuals to invoke their rights in respect of data and privacy. Please see the following list of rights that can be requested from Enable2:

If you would like to invoke any of these rights, please put your request in writing to:

Joanne Kennedy
Enable2 CIC
Westend Mill
152 Sunbridge Road
Bradford
BD1 2HA

compliance@enable2.org.uk

If you need to speak to a member of staff, please call 01274 753030.

Reporting Data Breaches

Enable2 has undertaken a risk assessment that identifies potential risks and where necessary is implementing enhanced security measures to avoid data breaches.

In the unlikely event that a data breach occurs for which Enable2 or any related party is responsible, it needs to be reported to us immediately.

In the first instance, Enable2 will look to secure the data and ensure that no further breaches are possible. In parallel, an investigation will take place and, based on guidance from the ICO, a decision will be made whether the breach needs to be reported to other related authorities.

Again, to report a breach, please get in touch using one of the following methods:

Email:

compliance@enable2.org.uk

Postal address:

Enable2 CIC
Westend Mill
152 Sunbridge Road
Bradford
BD1 2HA

Telephone:

If you need to speak to a member of staff, please call 01274 753030.