Security Notice

1.     This security policy is designed to ensure that Julie Jennings & Associates Ltd complies with the security requirements of the General Data Protection Regulation, and the rights to privacy of data subjects are protected.

2.     In compliance with Article 32 Julie Jennings & Associates Ltd has implemented appropriate physical, organisational and technical measures to ensure a level of security appropriate to the risk.

3.     Julie Jennings & Associates Ltd is based at 145 Wakefield Road, Garforth, Leeds LS25 1AT; it employs 3 people and has a sub-contractual relationship with 10 other personnel.

The premises is a detached residential property set back from the main road with a dedicated area from which the business is conducted. The property is alarmed with additional high security locks to the main access. Further internal locks separate the main business area from the residential section.

Security Measures

4.     The following security measures have been taken:

Physical

  • Office building is alarmed/protected by CCTV cameras;

  • Business visitors to the office premises are supervised at all times;

  • The business premises are securely locked when not in use.

  • Areas of the premises where personal data are kept are secured by locks/ security system;

  • Computer screens are arranged so they cannot be viewed by casual passersby, particularly visitors;

  • Hard copy material containing personal data is stored securely and locked away in

  • Filing cabinets / cupboards at night;

  • A clear desk policy is enforced;

  • Hard copy special category data, such as medical records, are kept separately from others;

  • Personal data is locked in cabinets with restricted access;

  • Electronic special category data is encrypted with restricted access where possible or locked in cupboards;

  • Passports, driving licenses and any other documents used to check identity are also kept Separately, stored securely with restricted access. When stored electronically, the information is encrypted with restricted access;

  • Electronic data is backed up off site;

  • Any server on the premises is kept in a locked room;

  • Shredding of confidential information is carried out securely on site or outsourced pursuant to a GDPR compliant contract;

  • Mobile equipment such as laptops are encrypted and locked away when not in use.

  • Sub-contractos working off site must follow guidelines on the printing and disposal of hard copy material;

  • Computers and other electronic equipment are disposed of in a safe manner by an outsourced and certificated provider.

5.   Managerial

  • This policy is regularly reviewed and Julie Jennings is committed to ensuring it is implemented.

  • Julie Jennings is responsible for data protection and has powers to discipline for breaches of this and other data protection policies;

  • Julie Jennings has sufficient resources to carry out its role effectively as data protection lead;

  • Staff  / sub-contractor compliance with this policy is monitored by file handling audits and spot checks;

  • Staff / sub-contractors are trained in data protection;

  • Only designated staff / sub-contractors may delete data and they receive specific training in this regard;

  • Breach of this security policy is a disciplinary offence;

  • There is in place a procedure for authenticating the identity of telephone callers, clients and contractors;

6.   Technical measures

  • Anti-virus and anti-spyware tools are installed on all computers;

  • All computers are encrypted and password protected;

  • It is a disciplinary offence to share a password unless expressly permitted by Julie Jennings & Associates Ltd;

  • Computers are programmed to download patches automatically;

  • Computers have automatic locking mechanisms when not in use;

  • Staff / sub-contractors are prevented from downloading software from the internet onto work computers and laptops;

  • They cannot transfer data onto removable devices such as USB sticks and CDs without the authority of Julie Jennings & Associates Ltd;

  • Staff / sub-contractors are encouraged to save personal data on their computers in a consistent manner;

  • They have access rights to personal data on a strict need to know basis;

  • Access rights are monitored and reviewed. They are deleted when personnel leave;

  • Staff / sub-contractors should direct all business emailed via Julie Jennings & Associates Ltd;

  • Computers, laptops, mobile phones, USB sticks and CDs are encrypted and password protected;

  • Personal data is encrypted before it is uploaded onto the cloud;

  • Personal data shared by email are encrypted and password protected as appropriate.

 7.   Security measures are tested and evaluated once a year.

8.   Whenever a new project, process or procedure is introduced which carries a high risk to data subjects, a Data Protection Impact Assessment is carried out, at the instigation of Julie Jennings & Associates Ltd.