Privacy Notice
Data Storage & Management Ltd, T/A
DSM has been in business since 1998 employing eleven people and providing a comprehensive
records management service to its customers in Ireland.
At the outset DSM wishes to state that
it will only ever seek to request and use the minimum of personal information.
The sole purpose of requesting such information is to enable DSM to communicate
with employees, customers and suppliers to fulfill a range of business services
as required. This data includes primarily names, addresses, telephone numbers,
email addresses, PPS numbers (in the case of employees), and bank details.
DSM is fully committed to continuing to
operate within its strong code of security and confidentiality. It will protect
all personal information and will never disclose or reveal this inappropriately
or in breach of data protection legislation.
It is essential to point out that
all data held in off-site storage by DSM on behalf of its customers will always
remain in the ownership of each customer. DSM will not handle, change, amend or
add to this data except to retrieve and return this from time to time as
required by each customer or, in some cases, to scan the hard copy document
into a soft-copy format, again as required by individual customers. In this
regard DSM
has recently implemented a secure electronic file transfer system to ensure
that this activity is fully compliant with GDPR. This product ensures that all
data is encrypted during electronic transfer and can only be accepted by the
person for whom it is intended.
In preparation for EU General Data
Protection Regulations (GDPR) 2018 DSM has both reviewed and revised its core
documentation and has also introduced new documentation where necessary as
follows:
DSM’s Privacy Statement (new –
completed) Data Protection Procedure (new – in
progress) Updated Data Protection Policy
(completed) Revised Records Management Policy
(completed) Revised Records Retention Schedule (in
progress) Revised Contracts of Employment
(completed) Revised Confidentiality Agreement for
DSM team members and on-site suppliers (completed) DSM’s updated Service Level Agreement
(completed) DSM’s updated Customer Authorisation
Form (completed) Revised Quality Manual (completed) Revised Security Policy (in progress) Revised Business Continuity Plan (in progress)
DSM has also added a consent request and
data protection assurance statement to all business-related documentation in
compliance with GDPR. All personal information collected by DSM during its
business will be wholly purpose-related and will be erased/deleted/destroyed
once the purpose for which it has been collected expires or is terminated. All
data subjects will be advised accordingly. By completing all the above tasks DSM
will therefore ensure that it will meet the ongoing requirements of the EU General
Data Protection Regulations (GDPR) Legislation 2018. DSM’s management team has attended a
number of briefings and training courses to ensure our readiness and compliance
with GDPR and extensive briefings have been held for all other DSM team members
as part of DSM’s continuous annual training programme. As an SME DSM is not obliged to appoint
a Data Protection Officer. However, in its place DSM has opted to appoint a
Data Protection Liaison person (DSM’s IT Specialist Martin Hehir) who will work
with me, the overall Data Controller, to implement and oversee data protection
legislation and will handle potential breaches, if any, going forward. This
appointment has been completed.
Finally, DSM currently holds the ISO
27001:2013 Standard (Information Security) and has operated a comprehensive
Information Security Management System within the Company since 2011. DSM is audited annually by NQA to ensure
compliance with this Standard. DSM also
holds the ISO 9001:2015 Quality Standard and is also audited annually by NSAI
in this regard. In additional DSM employs an independent contractor to carry
out internal audits 6 times each year to further ensure compliance.
If you have any questions or queries
regarding DSM’s compliance with GDPR I will be very happy to have a discussion
with you at any time. On behalf of our full team here in DSM I would like to
assure you of our continued efforts to improve our service with efficiency, cost
effectiveness and professionalism.
Signed:
_______________
Wendy Ryan
Managing Director
Date: May
2018
. |