GDPR

The SDS Group take data handling and protection very seriously, and there is no exception with it comes to the General Data Protection Regulation (GDPR).

SDS has already been adhering to the new rules and regulations for the past 20 years, as standard. We have produced a new GDPR policy which covers all our responsibilities and procedures and is available to upon request. We are proud to highlight our key best practice methods which help towards the SDS Group being fully GDPR Compliant:

Company Ethics

  • SDS only employ permanent members of staff, no temps
  • Every member of staff is required to sign a Non-Disclosure Agreement (NDA)
  • Where applicable staff are all CRB checked
  • All work, whether scanning or indexed, is carried out in the UK and nothing is ever outsourced
  • Each job and/or client is assigned a project manager as a first point-of-contact
  • If an employee has a link to a client or the project where sensitive data is being handled they will not be authorised to work on the project, or have access to any of the files
  • We pay our employees the living wage, not the minimum wage

Physical Data Storage

  • Physical documents stored in secure, temperature-controlled conditions, with CCTV
  • Controlled access for authorised personnel
  • Archive document insurance
  • Shredding is outsourced on request using an approved onsite shredding company with appropriate certification provided

Electronic Data Storage

  • SDS regularly tests for Security, Data Integrity, Performance, Control & Audit, Back-up & Resilience and Risk
  • All sensitive data held behind an SSL certificate
  • Robust backup and recovery systems in place
  • Data stored in appropriate cloud-based servers. For example, UK-sensitive data is only ever stored on UK-based servers
  • Sensitive data being transferred via strict password controlled (client approved) SFTP or on encrypted USB or External HDDs
  • Confirmation of file deletion supplied on request

Physical Collection & Return

  • Collections only made by permanent SDS employees
  • Collections are remotely tracked
  • Box Tracking available
  • If required, two company personnel will attend the collection, ensuring someone always remains with the archive
  • Mobile phones with three different network providers carried at all times to ensure a signal can be obtained

What is GDPR?

The General Data Protection Regulation (GDPR) standardizes data protection law across all twenty-eight European Union member countries. It also imposes strict new rules on controlling and processing personally identifiable information. GDPR replaced the existing 1995 EU Data Protection Directive on 25 May, 2018.

Top