With over 15 years experience supporting small business computer systems.

industrie-sidebar-logo
Contacts

What is GDPR?

The intention of the GDPR is to strengthen data protection for individuals within the European Union and will become enforceable from 25 May 2018.

Motech Solutions Ltd policy for processing data

To ensure GDPR compliance Motech Solutions Ltd will:
  • Only act upon written instructions of our clients (normally the data controllers)
  • Be subject to a duty of confidence, and ensure the same of all relevant staff members
  • Ensure the appropriate measures are taken to ensure the security of the processing.
  • Only engage a sub-processor on written consent of the data controller
  • Assist the data controller in providing subject access and allowing data subjects to exercise their rights under the GDPR
  • Assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments
  • Ensure to delete or return all personal data to the controller as requested at the end of any relevant contracts
  • Submit to audits and inspections, provide the controller with whatever information it needs to ensure that they are both meeting their Article 28 obligations, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state.
  • Train our staff to comply with these regulations

 Our Direct Responsibilities under GDPR are to:

  • Only act on the written instructions of the controller (Article 29);
  • Not use a sub-processor without the prior written authorisation of the controller (Article 28.2);
  • Co-operate with supervisory authorities (such as the ICO) in accordance with Article 31;
  • Ensure the security of its processing in accordance with Article 32;
  • Keep records of its processing activities in accordance with Article 30.2;
  • notify any personal data breaches to the controller in accordance with Article 33;
  • employ a data protection officer if required in accordance with Article 37; and
  • appoint (in writing) a representative within the European Union if required in accordance with Article 27.

Motech Solutions Ltd policy for controlling data

To ensure GDPR compliance Motech Solutions Ltd will:
  • only collect & retain information necessary to transact with our customers and prospects
  • ensure that revoked consent requests are managed with 48 working hours of revocation
  • ensure to enable right to access within 7 days of request, unless otherwise specified in writing.
  • train our staff to company with the regulation

Subject access requests

Upon receiving a written subject access request Motech Solutions Ltd will:
  • ensure to verify the identity of the person requesting the information
  • respond in writing within 40 calendar days with the requested information
  • if requested, initiate the right to erasure process

What Motech Solutions Ltd will do should there be a data protection breach

Should there be a data breach, staff are trained to inform their line manager immediately, who will in turn, inform an authorised member of personnel at the client and also inform the ICO within 24 hours. The information provided to the client and the ICO will include;
  • What has happened;
  • When and how we found out about the breach;
  • The people that have been or may be affected by the breach;
  • What we are doing as a result of the breach
The management team at Motech Solutions Ltd are responsible for the compliance and maintenance of this policy. If you have any queries, please contact us on 01902 212 769.