RJW recognises that the collection and use of personal data about our customers, employees and other individuals is crucial to support our business activities. It requires everyone to be committed to collecting and using all personal data in a fair, transparent and secure way in accordance with our legal obligations.
At RJW we have a Data Protection Officer who has overall responsibility for how data is processed within the organisation and is responsible for ensuring employees are following both legislation and internal policies and procedures.
To ensure that our collection methods are compliant with the ICO and to ensure that we are not using it in ways our customers would not expect, we conduct an audit of our processes which analyses;
- What data has been collected
- Why we collected the data
- How we collected the data
- How it was used
- Where it was stored
- Who has access to the data
- How it was protected
- How long the data was stored
Implementation of the audit process ensures that all policies and procedures in place continues to protect the confidentiality, availability and integrity of customers data as well as assesses the effectiveness of measures in place.
We have implemented a process to ensure that customers understand how we use their data and timeframes to provide information should they request it, which includes:
- The customers right to be informed
- The customers right of access
- The customers right to rectification
- The customers right to erasure
- The customers right to restrict processing
- The customers right to data portability
- The customers right to object
In addition, we document any Data Breach Notifications, and if a breach occurs it is reported to the ICO and customers alike.
We keep records of data processing, including ongoing records of the purposes behind our data processing; who we’ve shared data with, why and how; and what data we have kept and for how long.
RJW provides employees with data protection training to ensure that they know exactly how to process the data they work with, as well as how to protect it. This includes security best practices, such as securing electronic devices with strong passwords, encrypting digital media, or ensuring that hard copies of data such as printouts are securely stored. It can also include what they need to do if they receive a request related to a customer’s rights under GDPR.
We provide customers with a privacy policy that makes it clear how their information is being used, which lawful bases we are using to process their information, and how they can exercise their rights under GDPR.