• Home
  • /
  • MCSA GDPR Status

MCSA GDPR Compliance

Author:                 Mark Hodge
Title:                      Group Technical Director
Date:                     5th June 2018
Version:               4.0

The new European Union General Data Protection Regulation (EU GDPR) will come into effect here in the UK from 25th May 2018.

Many of our Clients are requesting information regarding the GDPR readiness of the MCSA Group Ltd (MCSA). Rather than responding to many different formats of questionnaires we have decided to provide a generic response which we believe will provide sufficient information for our clients. If our clients still require additional information then please request this by sending an email to, stating at least one contract number and the details of your request.

Download General Statement on GDPR from MCSA

1-Information Security
MCSA is certified to ISO27001 by BSI and has a fully audited Information Security Management System. This encompasses risk assessments and continuous improvement. MCSA is also certified to ISO9001 and has a fully audited quality management system in place. MCSA conducts regular security scans to identify and resolve any issues.

2-Data Protection Officer
MCSA Group has not appointed a Data Protection Officer (DPO) as it is not required under GDPR article 37. The person responsible for data privacy is our Technical Director, Mark Hodge. To contact us please send an email to

3-Data Privacy Policy
MCSA has a Data Privacy Policy.
Download Data Privacy Policy

MCSA does utilise sub-processors. MCSA is currently conducting an audit of all sub-processors to confirm compliance with GDPR. MCSA will engage sub-processors in accordance with GDPR as detailed in our Terms and Conditions.

5-Employee Confidentiality and Training
All MCSA employees are bound by a confidentiality agreement. All staff receive ongoing training on information security and data protection.

6-Standard Terms and Conditions
MCSA has updated its standard terms and conditions to comply with the requirements of GDPR. ‘Section 12, Data Privacy and Protection’ contains the amended clauses.
Download MCSA Standard Terms

7-Data Breach Notification
MCSA has a data breach notification policy that meets the requirements of GDPR.

8-Subject Access Requests (SAR), Rectification, Erasure, Restriction & Portability
MCSA will assist our Clients with regards to a SAR as detailed in our Terms and Conditions. MCSA will rectify, erase, restrict or transfer our Clients personal data in a portable format, in accordance with GDPR.

9-Records of Data Processing
MCSA does maintain written records of processing activities with respect to personal data in accordance with the requirements of the GDPR Article 30, as detailed in our Terms and Conditions.

10-Privacy by Design
In all new systems that may be implemented by MCSA, data privacy will be a key element, to ensure that system security is maintained and improved.

11-MCSA Group Client Declaration On GDPR Compliance
Upon request, MCSA will provide our Clients a signed declaration of our compliance with GDPR.
Download MCSA Client Declaration

12-Client Data Privacy Notice
MCSA will collect and process our Clients personally identifiable data in accordance with our Client Data Privacy Notice.
Download Client Data Privacy Notice

13-ICO Registration Number
MCSA is registered with the ICO as a Data Controller with a registration number of Z5316459


Mark Hodge
Group Technical Director
MCSA Group Ltd