What is GDPR?
The intention of the General Data Protection Regulation (GDPR) is to strengthen data protection for individuals within the European Union. It became enforceable on 25 May 2018.
Motech Solutions Ltd Policy for Processing Data
To ensure GDPR compliance, Motech Solutions Ltd will:
- Only act upon written instructions of our clients (typically the data controllers)
- Be subject to a duty of confidentiality and ensure that all relevant staff members are subject to the same duty
- Implement appropriate measures to ensure the security of data processing
- Only engage a sub-processor with the written consent of the data controller
- Assist the data controller in responding to subject access requests and in helping data subjects exercise their rights under GDPR
- Assist the controller in meeting GDPR obligations related to processing security, breach notifications, and impact assessments
- Delete or return personal data to the controller upon contract completion or request
- Submit to audits and inspections, provide necessary information to demonstrate compliance with Article 28, and immediately notify the controller if asked to do something that would violate GDPR or related laws
- Train staff to comply with these regulations
Our Direct Responsibilities Under GDPR
- Act only on the written instructions of the controller (Article 29)
- Not use a sub-processor without prior written authorisation (Article 28.2)
- Co-operate with supervisory authorities such as the ICO (Article 31)
- Ensure the security of data processing (Article 32)
- Keep records of processing activities (Article 30.2)
- Notify the controller of any personal data breaches (Article 33)
- Appoint a Data Protection Officer if required (Article 37)
- Appoint a representative in the EU if required (Article 27)
Motech Solutions Ltd Policy for Controlling Data
To ensure GDPR compliance as a data controller, Motech Solutions Ltd will:
- Only collect and retain information necessary to transact with customers and prospects
- Ensure revoked consent requests are processed within 48 working hours
- Provide access to personal data within 7 days of request, unless specified otherwise in writing
- Train all staff to comply with the regulation
Subject Access Requests
Upon receiving a written subject access request, Motech Solutions Ltd will:
- Verify the identity of the requester
- Respond in writing within 40 calendar days
- Initiate the right to erasure process if requested
Data Protection Breaches
In the event of a data breach, staff are instructed to inform their line manager immediately. The manager will notify an authorised client contact and report the incident to the ICO within 24 hours.
The report will include:
- What happened
- When and how the breach was identified
- Individuals affected or potentially affected
- Actions taken in response to the breach
The Motech Solutions Ltd management team is responsible for maintaining and ensuring compliance with this policy. If you have any questions, please contact us on 01902 212 769.