GDRP

 

Data cleansing

 

Dennathorne Accountancy Services we understand under GDPR, EU citizens have certain rights in respect of their persoanl data and how we store it.

 

Dennathorne Accountancy Services' appointed GDPR Manager will inform, advise and monitor GDPR compliance. The business will implement tools as appropriate that support the process, provice necessary security and ongoing delivery of objectives.

 

The GDPR Manager will regularly review the security of all stored data records, ensuring their location is secure and not vulnerable to unautherised data access.

 

In addition, a regular review will be undertaken to examine whether data held, needs to be securely deleted under the company's agreed time scales for retention.

 

Please contact the business in writing for details on our data retention policy - info@dennathorneaccountants.co.uk or Dennathorne Accountancy Services, Dennathorne, Down Road, Tavistock. Devon. PL19 9AG.

 

Deletion of Personal Data

 

No personal data will be deleted except on the autherisation of the GDPR Manager who will keep appropriate records of the deletion of the data.

 

Data will be deleted securely.

 

Requests to be removed from our records must be received in writing by email or post; info@dennathorneaccountants.co.uk or Dennathorne Accountancy Services, Dennathorne, Down Road, Tavistock. Devon. PL19 9AG

 

Confirmation of deletion will be confirmed via the received communication route in a timely manner.

 

Data Breach Policy

 

At Dennathorne Accountancy Services we understand that EU citizens have certain rights in respect of their personal data and we need to have a process to deal with data breaches should they occur under GDPR regulations.

 

Dennathorne Accountancy Services will appoint a person responsible for keeping the data breach register up to date and be responsible for all aspects of overseeing the company is compliant for any data breaches within the GDPR regulations.

 

When a data breach has occurred, the ICO suggests the need to establish the likelihood and severity of the resulting risk to people's rights and freedoms. If it's likely that there will be a risk then we will notify the ICO; if it's unlikely then we won't report it.

 

In any case each breach will be assessed and the decision agreed will be justified and documented in a register. Assessments will be considered in line with advice form the ICO website.

 

Reporting time limits

 

Any applicable data breaches will be reported to the ICO within 72 hours where possible and to the affected individual's without delay.

 

Updated Nov 2020