Data security & protection policy


E File UK Ltd (also trading as needs to gather and use certain information about individuals.
These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact. They can also include data stored on behalf of customers which may include medical records, financial records, human resources records and other sensitive data.
This policy describes how this personal data will be collected, handled and stored to meet the company’s data protection standards and to comply with the law.

Why this policy exists
This policy ensures E File UK Ltd:

Data Protection law
The Data Protection Act 2018 describes how organisations must collect, handle and store personal information.
NOTE: This is based on the assumption that the new UK Data Protection Act is published on schedule.
This policy applies regardless of whether data is stored electronically, on paper or on other materials.
To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The Data Protection Act is underpinned by eight important principles. These say that personal data must:
1. be processed lawfully and fairly;
2. not be processed in a manner incompatible with the purpose for which it collected;
3. be adequate, relevant and not excessive;
4. be accurate and, where necessary, kept up to date;
5. be kept for no longer than necessary;
6. be processed in a manner that ensures the appropriate security.
NOTE: Based on the Data Protection Bill published 18thy January 2018.

Policy scope
This policy applies to all staff, branches, volunteers, suppliers and other people working on behalf of E File UK Ltd
It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act. This can include:

Data security risks
This policy helps to protect E File UK Ltd and its customers from data security risks, including: Responsibilities
Everyone who works for or with E File UK Ltd has some responsibility for ensuring data is collected, stored and handled appropriately.
Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
However, these people have key areas of responsibility:

General staff guidelines

Data storage
These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT manager or Data Protection Officer.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.

Minimising data loss
Physical documents will be protected from potential loss due to natural disasters, accidental or malicious damage. Data use
When confidential data is accessed and used it can be at the greatest risk of loss, corruption or theft:

Data accuracy
The Data Protection Act requires E File UK Ltd to take reasonable steps to ensure data is kept accurate and up to date.
It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.

Data destruction
When data is destroyed or shredded it should be: Subject access requests
All individuals who are the subject of personal data held by E File UK Ltd in its role as a data controller are entitled to: Disclosing data for other reasons
In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances, E File UK Ltd will disclose requested data. However, E File UK Ltd will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.

Providing information
E File UK Ltd aims to ensure that individuals are aware that their data is being processed, and that they understand:

  • how the data is being used;
  • how to exercise their rights. To these ends, the company has a privacy statement, setting out how data relating to individuals is used by the company.