With the introduction of GDPR on 25th May 2018 we have updated our relevant policies as well as improved our practices and procedures to ensure that any data we hold on our members is secure. We have also used these new regulations as an opportunity to look at what data we hold on our members and delete any unnecessary data.
If you would like to discuss anything in relation to this matter then please contact us at firstname.lastname@example.org
All Northamptonshire Chamber of Commerce employees have completed GDPR awareness training. In addition, we constantly review how we collect, control and communicate data and all employees are part of this process.
GDPR awareness training is also part of our new employee induction process.
All of the data that the Northamptonshire Chamber collect is handled by Brighter Connections Applications & Analytics.
How and where is our data stored?
The Northamptonshire Chamber of Commerce currently use Brighter Connections Applications & Analytics’ Clim8 CRM package, which includes the add-on Events Manager Module, International Trade Module and CRM Web Services, which are currently hosted on the internet to allow the Chamber website to talk to the live CRM data and show members’ data live on the website, but only with the members’ permission. The data that is currently held by our company is a copy of the Chamber’s live data. Access to the data is restricted to only two members of staff, and all data is stored on BitLocker-encrypted drives.
Why is our data secure?
Brighter Connections Applications & Analytics store copies of the data for support purposes only (with the Chamber’s knowledge and permission). This data is stored on our server, which is BitLocker encrypted, and on backups, including off-site backups, which are also BitLocker encrypted. Sometimes the data can be stored on development laptops, which are also BitLocker encrypted.
What is the Procedure/Policy in the event of a data breach?
Brighter Connections Applications & Analytics currently has a Data Breach Policy and Procedure in line with ISO 27001, and now has a Policy and Procedure in place which will come into effect by May 2018.
Brighter Connections have the following documents in place:
Information Security Event Procedure
Information Security Event Reporting Form
Security Data Breach Register
• All Brighter Connections employees, whether temporary or permanent, contractors, third parties and Directors are responsible for reporting any personal data breach to our Compliance Manager.
• All Brighter Connections employees have received relevant training.
• For any internal data breach considered to be low risk, the breach is notified within 24 hours to Brighter Connections’ Compliance Manager and recorded on our Information Security Event Reporting Form. This form is very detailed and captures all the information which needs to be recorded about the personal data affected, data subjects, data records, interested parties and parties notified. It also captures the steps Brighter Connections will take to limit the damage and the steps to reduce the risk of reoccurrence. All information is then recorded on our Data Breach Register.
• Where a personal data breach is considered serious and high risk and likely to result in high risk to the rights and freedoms of the data subject, the relevant supervisory authority is notified within the timescales required, using the relevant Security Breach Notification Form. All information is then recorded on Brighter Connections’ Data Breach Register.
• Guidelines are also contained in our procedure as to what constitutes low risk and high risk so that Brighter Connections employees are very clear about this.
Because you are a member of the Northamptonshire Chamber of Commerce, we deem it necessary to contact you via email and telephone to ensure that you are aware of the products, services and events that are included in your membership to the Chamber.