Data Storage & Management Ltd, T/A DSM has been in business since 1998 employing eleven people and providing a comprehensive records management service to its customers in Ireland.

At the outset DSM wishes to state that it will only ever seek to request and use the minimum of personal information. The sole purpose of requesting such information is to enable DSM to communicate with employees, customers and suppliers to fulfill a range of business services as required. This data includes primarily names, addresses, telephone numbers, email addresses, PPS numbers (in the case of employees), and bank details.

DSM is fully committed to continuing to operate within its strong code of security and confidentiality. It will protect all personal information and will never disclose or reveal this inappropriately or in breach of data protection legislation.

It is essential to point out that all data held in off-site storage by DSM on behalf of its customers will always remain in the ownership of each customer. DSM will not handle, change, amend or add to this data except to retrieve and return this from time to time as required by each customer or, in some cases, to scan the hard copy document into a soft-copy format, again as required by individual customers. In this regard DSM has recently implemented a secure electronic file transfer system to ensure that this activity is fully compliant with GDPR. This product ensures that all data is encrypted during electronic transfer and can only be accepted by the person for whom it is intended.  

In preparation for EU General Data Protection Regulations (GDPR) 2018 DSM has both reviewed and revised its core documentation and has also introduced new documentation where necessary as follows:

1. DSM’s Privacy Statement (new – completed)

2. Data Protection Procedure (new – in progress)

3. Updated Data Protection Policy (completed)

4. Revised Records Management Policy (completed)

5. Revised Records Retention Schedule (in progress)

6. Revised Contracts of Employment (completed)

7. Revised Confidentiality Agreement for DSM team members and on-site suppliers (completed)

8. DSM’s updated Service Level Agreement (completed)

9. DSM’s updated Customer Authorisation Form (completed)

10. Revised Quality Manual (completed)

11. Revised Security Policy (in progress)

12. Revised Business Continuity Plan (in progress)

DSM has also added a consent request and data protection assurance statement to all business-related documentation in compliance with GDPR. All personal information collected by DSM during its business will be wholly purpose-related and will be erased/deleted/destroyed once the purpose for which it has been collected expires or is terminated. All data subjects will be advised accordingly.

By completing all the above tasks DSM will therefore ensure that it will meet the ongoing requirements of the EU General Data Protection Regulations (GDPR) Legislation 2018.

DSM’s management team has attended a number of briefings and training courses to ensure our readiness and compliance with GDPR and extensive briefings have been held for all other DSM team members as part of DSM’s continuous annual training programme.

As an SME DSM is not obliged to appoint a Data Protection Officer. However, in its place DSM has opted to appoint a Data Protection Liaison person (DSM’s IT Specialist Martin Hehir) who will work with me, the overall Data Controller, to implement and oversee data protection legislation and will handle potential breaches, if any, going forward. This appointment has been completed.

Finally, DSM currently holds the ISO 27001:2013 Standard (Information Security) and has operated a comprehensive Information Security Management System within the Company since 2011.  DSM is audited annually by NQA to ensure compliance with this Standard.  DSM also holds the ISO 9001:2015 Quality Standard and is also audited annually by NSAI in this regard. In additional DSM employs an independent contractor to carry out internal audits 6 times each year to further ensure compliance.

If you have any questions or queries regarding DSM’s compliance with GDPR I will be very happy to have a discussion with you at any time. On behalf of our full team here in DSM I would like to assure you of our continued efforts to improve our service with efficiency, cost effectiveness and professionalism.

Signed: _______________

                Wendy Ryan

                Managing Director

Date: May 2018

Our Team