Highlander Training Ltd Data Storage Policy

1. Introduction

Highlander Training Ltd (“the Company”) is committed to ensuring the secure storage and handling of personal and business data. This policy outlines our approach to data storage in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Scope

This policy applies to all employees, contractors, consultants, temporary staff, and other workers at the Company, including all personnel affiliated with third parties.

3. Data Storage Principles

The Company adheres to the following principles for data storage:

3.1 Security

  • Store data securely using encryption and other appropriate security measures.
  • Implement access controls to ensure only authorized personnel can access data.
  • Regularly update and patch systems to protect against vulnerabilities.

3.2 Retention

  • Retain data only as long as necessary for the purposes for which it was collected.
  • Follow a defined retention schedule for different types of data.
  • Dispose of data securely when it is no longer needed.

3.3 Backup

  • Perform regular backups of critical data.
  • Store backups in a secure, separate location.
  • Regularly test backup and recovery procedures to ensure data can be restored in the event of data loss.

4. Data Types

4.1 Personal Data

  • Store personal data in compliance with UK GDPR principles.
  • Encrypt personal data both in transit and at rest.

4.2 Business Data

  • Store business data in a manner that ensures its confidentiality, integrity, and availability.
  • Protect sensitive business data with appropriate security measures.

5. Responsibilities

  • Data Protection Officer (DPO): Oversees the implementation of this policy and ensures compliance with data protection regulations.
  • IT Department: Manages the technical aspects of data storage, including security measures and backups.
  • Employees: Follow this policy and report any data storage issues or breaches to the IT Department or DPO.

6. Training

The Company will provide regular training to all employees on data storage practices and the requirements of the UK GDPR.

7. Review

This policy will be reviewed annually or when necessary to reflect changes in legislation, regulatory guidance, or the Company’s practices.

8. Contact

For any questions regarding this policy or the Company’s data storage practices, please contact the Data Protection Officer