Information for Customers
IT Centric – Roles & Responsibilities
Customer Data Breach Procedure
The ICO defines a breach as:
“A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.”
Personal data breaches include:
We have put a Data Breach Procedure in place to ensure that a data breach can be dealt with efficiently once it has been identified. Should we, IT Centric, become aware of a breach which could impact the data we manage and back up for you, we will contact you without undue delay. If a breach is identified by IT Centric, it is our responsibility to inform you, the customer, who in turn has responsibility to inform the ICO and the individuals who are affected by the breach. You must inform the ICO within 72 hours of becoming aware of any breach.
Example given by ICO:
“Your organisation (the controller) contracts an IT services firm (the processor) to archive and store customer records. The IT firm detects an attack on its network that results in personal data about its customers being unlawfully accessed. As this is a personal data breach, the IT firm promptly notifies you that the breach has taken place. You in turn notify the ICO.”
Should a breach be identified by you or one of your third parties, please notify Gordon Sayers (firstname.lastname@example.org or 0131 477 2644) as soon as you are aware of the breach. This will enable us to help you limit the potential risk of the data breach.
IT Centric is not responsible for data breaches which result from
Third Party Compliance
IT Centric has contacted all of our third-party providers who provide backup and security for our customer network infrastructure & servers and requested evidence of their GDPR compliance.
Our data management & backup services are managed through the SolarWinds RMM platform. You can learn about SolarWinds & GDPR at www.solarwindsmsp.com/resources/gdpr
When disposing of obsolete hardware belonging to a customer, a third party is engaged to reuse or recycle the hardware and ensure secure data destruction of hard drives. The current provider is ReusingIT – www.reusingit.org. Certification of secure data destruction will be provided.
GDPR Responsibilities & Points of Contact
Overall compliance of GDPR – Managing Director – email@example.com
Customer Data Management – IT Manager – firstname.lastname@example.org
HR, Finance & Payroll – Finance Manager – email@example.com
Customer Communications – Marketing Manager – firstname.lastname@example.org
Read the IT Centric Privacy Notice.