MCSA GDPR Statement

Author: Mark Hodge

Title: Group Technical Director

Date: 5th June 2018

Version: 4.0

The new European Union General Data Protection Regulation (EU GDPR) will come into effect here in the UK from 25th May 2018.

Many of our Clients are requesting information regarding the GDPR readiness of the MCSA Group Ltd (MCSA). Rather than responding to many different formats of questionnaire, we have decided to provide a generic response which we believe will provide sufficient information for our Clients. If our Clients still require additional information, please request this by sending an email to privacy@mcsa.co.uk, stating at least one contract number and the details of your request.

1-Information Security

MCSA is certified to ISO27001 by BSI and has a fully audited Information Security Management System. This encompasses risk assessments and continuous improvement. MCSA is also certified to ISO9001 and has a fully audited quality management system in place. MCSA conducts regular security scans to identify and resolve any issues.

2-Data Protection Officer

MCSA Group has not appointed a Data Protection Officer (DPO) as it is not required under GDPR Article 37. The person responsible for data privacy is our Technical Director, Mark Hodge. To contact us, please send an email to privacy@mcsa.co.uk.

3-Data Privacy Policy

MCSA has a Data Privacy Policy. Download Data Privacy Policy

4-Sub-processors

MCSA does utilise sub-processors. MCSA is currently conducting an audit of all sub-processors to confirm compliance with GDPR. MCSA will engage sub-processors in accordance with GDPR as detailed in our Terms and Conditions.

5-Employee Confidentiality and Training

All MCSA employees are bound by a confidentiality agreement. All staff receive ongoing training on information security and data protection.

6-Standard Terms and Conditions

MCSA has updated its standard terms and conditions to comply with the requirements of GDPR. ‘Section 12, Data Privacy and Protection’ contains the amended clauses.

7-Data Breach Notification

MCSA has a data breach notification policy that meets the requirements of GDPR.

8-Subject Access Requests (SAR), Rectification, Erasure, Restriction & Portability

MCSA will assist our Clients with regard to a SAR as detailed in our Terms and Conditions. MCSA will rectify, erase, restrict or transfer our Clients' personal data in a portable format, in accordance with GDPR.

9-Records of Data Processing

MCSA does maintain written records of processing activities with respect to personal data in accordance with the requirements of the GDPR Article 30, as detailed in our Terms and Conditions.

10-Privacy by Design

In all new systems that may be implemented by MCSA, data privacy will be a key element, to ensure that system security is maintained and improved.

11-MCSA Group Client Declaration On GDPR Compliance

Upon request, MCSA will provide our Clients with a signed declaration of our compliance with GDPR. Download MCSA Client Declaration

12-Client Data Privacy Notice

MCSA will collect and process our Clients' personally identifiable data in accordance with our Client Data Privacy Notice.

13-ICO Registration Number

MCSA is registered with the ICO as a Data Controller with a registration number of Z5316459.

 

Mark Hodge

Group Technical Director

MCSA Group Ltd