This statement was produced on 18 June 2018 and replaces our previous statement of 17 April 2018. It may be updated in the future and we’ll post any new version here on our website.
GDPR
GDPR (General Data Protection Regulation) imposes strict controls on how all organisations collect and process personal data within the European Union and/or personal data of EU citizens.
The regulation outlines six key principles for organisations that process individuals’ personal information. These are that data shall be:
- processed lawfully, fairly and transparently
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary for processing
- accurate and kept up to date
- retained only for as long as necessary
- processed in an appropriate manner to maintain security
What has RNS Chartered Accountants done to prepare for GDPR?
We are constantly improving the technical and organisational security measures we have in place to protect your data and ensure we are fully compliant with GDPR. The work we are doing will also assist with your own compliance obligations regarding any customer data held within RNS Chartered Accountants.
Under the terms of GDPR, RNS Chartered Accountants will only collect, store and process personal data required to perform the Services provided by RNS Chartered Accountants (e.g. contact details, bank account details, email addresses, National Insurance, passport, payroll and PAYE numbers). We will not collect, store or process data that is labelled as sensitive under GDPR.
Here are some of the ways we are ensuring that we are fully GDPR compliant.
Awareness & accountability
We have a company-wide commitment to ensuring complete compliance with GDPR. Our progress is communicated throughout all departments regularly, so that everyone working at RNS Chartered Accountants understands what needs to be done and by when.
Audit
We are continuing with an extensive audit to clearly document what data we hold, where we hold it, where that data comes from and where it potentially goes. This enables us to keep track of all data and allows us to make the right decisions to ensure that your data is always protected.
Policies
We have updated our Privacy Policy along with our Terms of Engagement so that you can see exactly how, why, where and for how long we may be processing and holding your data. You can contact us on privacy@rnsca.co.uk at any point in time if you have questions or would like to lodge a complaint.
Basis and consent
By signing our letters of engagement, you are entering into an agreement which gives us a legitimate basis to process your data, in line with GDPR requirements. In order words, for you to benefit fully from the services provided by RNS Chartered Accountants, we will need to process some of your data.
Your rights
Under GDPR you have the right to see a full copy of any data we hold about you, and also the right to request that it is fully deleted from our system (although we may be required to keep some records to ensure that you are not contacted in future, or to comply with any legal obligations).
This is also true for the data you hold about your employees within our payroll services – you need to be able to adhere to GDPR requirements too, and we are willing to support you with this.
Data protection
Security is a priority in everything we do at RNS Chartered Accountants. We are constantly evaluating potential threats to understand if there is any risk to your data. As potential threats are constantly evolving, we use a number of technical and organisational measures – which are also continually adapting – to stay ahead of potential threats.
Legal jurisdiction
RNS Chartered Accountants have offices in Scunthorpe, Brigg and Barton Upon Humber, so we ultimately answer to the UK Information Commissioner’s Office (ICO) regarding Data Privacy and Protection.
Despite all our best efforts, should the unthinkable happen and we suffer a significant data breach that puts your personal data at risk, we have a legal duty to report this to the ICO within 72 hours of discovery. We have updated our internal Security Incident Response Policy and Procedures to include mandatory notification requirements, both with the ICO and publicly with you, our customers.
Maintaining your privacy is of the utmost importance to us.
Contacting us
If you want to contact us about GDPR, data protection or how we handle your data in general, please contact us at privacy@rnsca.co.uk and we will get back to you promptly.
Where can I learn more about GDPR?
The UK Information Commissioner’s Office website is a great resource for GDPR info: http://ec.europa.eu/justice/data-protection/index_en.htm