The organisation takes the security of HR-related personal data seriously. The organisation has internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties. These controls are implemented under the ICO and the General Medical Council (GMC) guidelines. Other guidelines may be implemented depending upon the data being held, this is to include hospital and consultant guidelines.
Where the organisation engages third parties to process personal data on its behalf, such parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. Our staff, trainers and associates undergo regular hospital, Data and GDPR training, to ensure that our policies and procedures are compliant with all aspects of data protection. Our servers are held in a restricted area internally and are managed and monitored by IT and cyber data experts within our office premises. This service is done so by a recognised and accredited service provider. Encryption for our data and emails are used at all times. Our consultants and associates have a responsibility to control and hold data commensurate to our security, data and cyber policies and General Medical Council (GMC) guidelines. Consultants and associates may also store the data on their own personal electronic device, which is suitably protected by password and encryption. This will be commensurate to their own security policy.