Introduction:

This Information Security Policy outlines the requirements for Bitz ‘n’ PC’z Ltd to protect personal data in compliance with the Data Protection Act and GDPR. The policy establishes guidelines to protect the confidentiality, integrity and availability of personal data and information assets owned by Bitz ‘n’ PC’z Ltd.

Scope:

This policy applies to all employees, contractors and third-party service providers who have access to personal data and information assets owned by Bitz ‘n’ PC’z Ltd.

Responsibilities:

All employees, contractors, and third-party service providers who have access to personal data and information assets owned by Bitz ‘n’ PC’z Ltd must comply with this policy.

The IT Manager is responsible for ensuring that all IT systems and infrastructure are secure and for implementing and enforcing the measures detailed in this policy.

The Data Protection Officer is responsible for overseeing the implementation of this policy and ensuring that all employees, contractors and third-party service providers are aware of their obligations under GDPR.

Information Security Requirements:

  1. Personal Data Processing: Bitz ‘n’ PC’z Ltd will ensure that all personal data is processed in compliance with GDPR.
  2. Data Collection: Only personal data that is required for a specific purpose will be collected. The data will be accurate, up to date and will not be kept for longer than necessary.
  3. Data Protection: Bitz ‘n’ PC’z Ltd will ensure that all personal data is protected against unauthorised access, alteration, or destruction. All personal data will be stored securely and access will be restricted to authorised personnel only.
  4. Third-Party Service Providers: Third-party service providers who have access to personal data will be vetted and contractual arrangements will be put in place to ensure that they comply with GDPR.
  5. Breach Notification: Bitz ‘n’ PC’z Ltd will report any data breaches to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach.
  6. Data Subject Rights: Bitz ‘n’ PC’z Ltd will respond to all data subject requests within one month and will provide data subjects with access to their personal data, as well as the right to correct, erase, or restrict processing of their personal data.
  7. Data Protection Impact Assessments: Bitz ‘n’ PC’z Ltd will conduct data protection impact assessments (DPIAs) for any processing that is likely to result in a high risk to the rights and freedoms of data subjects.
  8. Security Controls: Bitz ‘n’ PC’z Ltd will implement appropriate security controls to protect personal data, including access controls, encryption and monitoring.
  9. Training and Awareness: All employees, contractors and third-party service providers will receive training on GDPR and this Information Security Policy. Regular awareness campaigns will also be conducted to reinforce the importance of data protection.