John Turner FCA as a firm is committed to conducting its business in accordance with all applicable Data Protection laws and regulations. The General Data Protection Regulation (GDPR) came into effect on 25th May 2018 and applies to personal data or any information relating to an identifiable person.
The GDPR applies to both electronic personal data and to manual filing systems. It requires that personal data shall be:
John Turner, the firm’s principal, is the Data Protection Lead and has overall responsibility for data protection.
We as a firm are controllers of data and also processors.
We are controllers for the work we carry out for our clients and data we hold for employees. On behalf of some of our client companies we process personal information such as payroll where we act as processors.
Our lawful basis for processing personal data is contract. Our clients engage in a contract with us to provide the services outlined in the letter of engagement. We keep only data and correspondence required to identify the client and keep only the data necessary to carry out the work contracted to us.
Our lawful basis for processing employee data is contract. We engage our employees under a contract of employment.
Our lawful basis for processing subcontractor data is contract. We engage sub-contractors under a contract of engagement.
The firm does not market or advertise services to clients in addition to the accountancy and taxation services we are engaged to supply. Neither do we give out customer details to third parties for marketing purposes.
To ensure fair processing, personal data will not be retained for longer than necessary. This takes into account the legal and contractual requirements. All personal data should be deleted or destroyed as soon as possible where it has been confirmed that there is no longer a legal requirement to retain it.
The firm has achieved Cyber Essentials Certification. Cyber Essentials Certification is the IASME standard, based on international best practice. It aims to help organisations implement basic levels of protection against cyber attack, demonstrating to their customers that they take cyber security seriously. It is risk-based and includes all aspects of IT including physical security, staff awareness, and data backup.
We have a security policy that ensures that we have all necessary procedures in place to keep personal data (both electronic and hard copy) secure whilst in the office or working from home, or when sharing and emailing information to others.
We have a rights procedure, which details our obligations regarding the personal data we hold on individuals.
The following are the rights of the individuals:
If an individual makes a request relating to any of the rights listed above, it should be made in writing and we will consider each such request in accordance with all applicable Data Protection laws and regulations. No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be unnecessary or excessive in nature.
A response to each request will be provided within thirty days of the receipt of the written request from the client.
We have a breach policy and a risk register, detailing the procedures in case of a breach.
We will adopt all necessary measures to ensure that the personal data we collect and process is complete and accurate in the first instance, and is updated to reflect the current situation of the client.
To ensure that all Data Protection requirements are identified and addressed when designing new systems or processes and/or when reviewing or expanding existing systems or processes, each of them must go through an approval process before being implemented. This will be in the form of a Data Protection Impact Assessment (DPIA).
We have a privacy notice that sets out what information we hold and why, how we are keeping it secure, and what rights individuals have over their personal information. This has been sent to all clients, employees, sub-contractors and professional associates of the firm.