My Privacy Notice below explains:
1. The Personal information I collect
2. Why I process your personal information
3. When and why I will disclose your personal information to HMRC
4. The rights and choices you have when it comes to your personal information.
5. The steps I take to ensure that your information is kept secure and confidential
6. How long I will keep your information for
7. How to contact me
My email address is 07772723963
My website is www.rsbookkeepingandaccounts.co.uk
I have a Facebook Page “rsbookkeeping&accounts”
The following are the criteria I assess and act on in accordance with the GDPR Data Protection Regulations, in force from 25.5.18
I will review personal data and assess all processes involved that require me to collect, store, use and dispose of personal data
I will treat all data as valuable, sensitive, confidential
I will continue to store all data on index cards, in a book, in hard files and on the computer in folders – however:
I will password protect my computer, and the files will be encrypted
Files are stored in a lockable filing cabinet in my office in my home
Payroll information is held on HMRC Basic Payroll Tools, which is a cloud-based payroll system
Pension information is held on Nest Pension Website, password protected
I keep client data for 6 years in accordance with HMRC rules
Any unnecessary paperwork is shredded
Clients are able to access their data and check what I hold if they require
Encryption on my desktop computer is applied to new files continuously
I have set my computer to clean temporary internet files and empty recycle bin regularly
I update my Anti-Virus and Security System - I am currently using BT Net Protect Plus and Windows Defender which update and perform regular scans automatically.
This should stop breaches happening.
I will remove all old software that is obsolete
I will remove default passwords which can be well known to attackers
I will enforce strong passwords and limit the number of failed log-in attempts
I will enforce regular password changes
I will act on any alerts from anti-virus scans immediately
I am the only member of staff of R S Bookkeeping & Accounts at present. I treat all information as sensitive and with confidentiality. I discuss my clients’ data only with HMRC, and only when clients have given me permission to do so as their agent.
I am aware that devices like mobile phones and laptops can be stolen
I do not use a laptop or iPad and therefore do not transport data via these devices
I do not use USB devices to store information and therefore these cannot be mislaid
I do not use untrusted devices to connect to my network
I store data in a metal locked filing cabinet
Clients’ folders are kept locked in the boot of my car on a journey to visit them and are not viewable to passers-by
All post is marked Private & Confidential and is hand delivered or posted “signed for”.
Loss of data by fire is a breach of the Data Protection Act
I recognise I need a robust back-up strategy to protect against disasters, but also against ransomware
All data is backed up to Dropbox, which can be accessed from elsewhere.
I currently do not have any staff.
Should I take on any staff I will make sure I or they don’t send an email to the wrong recipient.
I will make sure I or they will not open an email attachment containing malware
I or they will be taught to recognise threats such as phishing emails
I will read security bulletins or newsletters from HMRC and ICO.
I will address risks consistently and document the controls I have in place, and identify where improvements are needed
I will correctly use the security I already have
I will make sure I am compliant with industry guidance and legal requirements
I will minimise the data I hold and regularly shred any superseded data unless it is a record that needs to be held for 6 years
I will run an annual check on clients’ details to see if what I have is correct or out of date
Updated 12th April 2019 - Originally written 25th May 2018