GDPR Compliance Statement 2018
This statement is made in accordance with the General Data Protection Regulation (GDPR) and sets out the steps that Plan B Disaster Recovery has taken and is continuing to take to ensure our operations are compliant with the legislation.

Our business

Plan B is a specialist IT Continuity and Disaster Recovery Service provider. Based in the UK, we specialise in mid-market complex disaster recovery services with a client base across finance, commercial, legal and public sectors. We offer our services directly to customers and indirectly via resellers and own-label partners.

Plan B has in the region of 20 core suppliers within the information technology sector providing data centre services, software and hardware.

Plan B acts as a data controller for the data collected for marketing purposes, Human Resources and customer information. We also act as a data processor for our customer base as we hold copies of their data for disaster recovery purposes.

Plan B is ISO27001 certified and has an effective information security management system (ISMS) in place to minimise the risk of a data breach.

Policies and Processes

We operate a framework of internal policies and processes to ensure that we are conducting business in a lawful, secure and transparent manner.

These include:

  1. Information Security Management System
    A security framework that conforms to the ISO27001 standard, minimising the risk of a data breach. The framework’s scope covers Plan B’s entire operation and includes security incident management and data breach management, including details around notifications to data subjects and Supervisory Authorities. The framework also covers the secure deletion of data.
  2. Subject Access Request policy
    This sets out our approach to recording and responding to Subject Access Requests (SAR), and the timescales and governance around them.
  3. Privacy Policy
    Plan B’s Privacy Policy sets out our commitment to the privacy of personal data, what we collect and hold, the legal basis under which we do this, and individuals’ rights to know what we hold, to correct or have data deleted, and to withdraw consent. This can be downloaded from our website.
  4. New Supplier Procedure
    This sets out our approach to assessing suppliers and specifically requires suppliers to confirm their compliance with legislation including GDPR and Modern Slavery.
  5. Contractual terms and conditions
    All Plan B contracts with customers, suppliers and partners have been updated to reflect GDPR and ensure we can meet Plan B’s obligations and help our customers meet their obligations under the legislation.

Our suppliers

Plan B operates an approved supplier policy. We conduct due diligence on all suppliers before doing business with them. This due diligence includes assessing their position relating to GDPR compliance. We have also reviewed our existing suppliers’ compliance.

We require that suppliers confirm to us that:

  1. They have updated their contractual agreements to reflect the regulation
  2. They have taken steps to ensure their compliance

Training

We conduct training for our staff so that they understand the legislation and our business processes supporting compliance with the legislation.

Effectiveness

Our effectiveness in complying with the legislation is monitored by Plan B’s Information Security Management Forum (ISMF). The ISMF formally monitors the effectiveness of the steps that we are taking to ensure that we comply with the legislation. It checks that policies are being followed and looks for any areas for continual service improvement.

Approval for this statement

This statement was approved by Plan B’s Information Security Management Forum on 15th May 2018.

Tim Dunger

Director