GDPR Policy & Compliance
GDP01.0 Data Breach
AB2K Ltd. is committed to our obligations under GDPR. Our data audit report has been produced to ensure that our compliance, processes, functions and procedures are fit for purpose and that mitigating actions are in place where necessary. However, should there be any data breaches, this policy states our intent and objectives for dealing with such a breach.
Although we understand that not all risks can be completely mitigated, we operate a robust and structured system of controls, measures and processes to help protect data subjects and their personal information from the risks associated with processing data. The protection and security of the data that we hold and use, including personal information, is paramount to us.
The purpose of this policy is to provide AB2K Ltd.’s intent, objectives and procedures regarding data breaches involving personal information.
As we have obligations under the GDPR, we also have a requirement to ensure that the correct procedures, controls and measures are in place and communicated to all employees if a personal information breach occurs. This policy also notes our processes for reporting, communicating and investigating any such breach.
Whilst it is the Company's aim to prevent data breaches where possible, we do recognise that human error and risk elements occur in business that prevent the total elimination of any breach occurrence. We also have a duty to develop protocols for data breaches to ensure that employees, regulating and/or accreditation bodies are aware of how we handle any such breach.
This policy applies to all staff within the Company (meaning permanent, fixed term, 0 hours and temporary staff, any third-party representatives or sub-contractors, agency workers, and agents engaged with the Company in the UK), and relates to the processing of personal information. Adherence to this policy is mandatory and noncompliance could lead to disciplinary action or the termination of contracts for services.
GDP01.4 Data Security & Breach Requirements
The Company's definition of a personal data breach for the purposes of this policy is any breach of security, lack of controls, system or human failure, error or issue that leads to, or results in, the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
AB2K Ltd. have a legal, regulatory and business obligation to ensure the maximum security of data that is processed, including as a priority, when it is shared, disclosed and transferred. Our Information Security Policy & Procedures and Data Protection Policy & Procedures provide the detailed measures and controls that we take to protect personal information and to ensure its continued security.
We will carry out information audits to ensure that all personal data held and processed by us is accounted for and recorded. We have implemented adequate, effective and appropriate technical and organisational measures to ensure a level of security appropriate to the risks, including (but not limited to): -
- Encryption of personal data
- Restricted access as appropriate
- Reviewing, auditing and improvement plans for the ongoing confidentiality, integrity, availability and resilience of processing systems and services
- Disaster Recovery and Business Continuity Plan to ensure up-to-date and secure backups and the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
- Frequent and rolling training programs for all staff in the GDPR, its principles and applying those regulations to each role, duty and the company as a whole
- Staff assessments and testing to ensure a high level of competency, knowledge and understanding of the data protection regulations and the measures we have in place to protect personal information
- Recheck processes to ensure that where personal information is transferred, disclosed, shared or is due for disposal, it is rechecked by the Compliance Manager
GDP02.0 Data Retention & Erasure
AB2K Ltd recognises and understands that the efficient management of its data and records is necessary to support its core business functions, to comply with its legal, statutory and regulatory obligations, to ensure the protection of personal information and to enable the effective management of the organisation.
This policy meets the standards and expectations set out by contractual and legal requirements and has been developed to meet the best practices of business records management, with the direct aim of ensuring a robust and structured approach to document control and systems.
Effective and adequate records and data management is necessary to: -
- Ensure that the business conducts itself in a structured, efficient and accountable manner
- Ensure that the business realises best value through improvements in the quality and flow of information and greater coordination of records and storage systems
- Support core business functions and provide evidence of conduct and the appropriate maintenance of associated plant and equipment, resources and services provided to our customers
- Meet legislative, statutory and regulatory requirements
- Deliver services to staff in a consistent and equitable manner
- Assist in managerial decision making
- Provide continuity in the event of a disaster
- Protect the interests of the organisation and the rights of employees, customers and sub-contractors
- Protect personal information and data subject rights
- Avoid inaccurate or misleading data and minimise risks to personal information
- Erase data in accordance with the legislative and regulatory requirements
Information held for longer than is necessary carries additional risk and cost and can breach data protection rules and principles. The Company only ever retains records and information for legitimate business reasons and use, and we comply fully with the UK data protection laws and guidance.
John Murphy, Managing Director
Date: 15th January 2021
Date of Next Review: 8th June 2021