JAM (UK) Ltd GDPR strategy

JOHN ALLEN MANAGEMENT (UK) LTD


GDPR & DPA STRATEGY STATEMENT

Our company’s GDPR strategy document is designed to outline our commitment to observe and comply with all aspects of the General Data Protection Regulation.

GDPR came into effect on 25th May 2018, and has introduced a range of fresh guidelines spelling out the rights of consumers and dictating how companies can store and share information.

Our strategy document offers a high-level explanation of how our company plans to organise and implement our compliance with GDPR, and demonstrates our company’s serious commitment to GDPR and the DPA.


This strategy document is reviewed at least every six months and amended as necessary, to ensure that we at JOHN ALLEN MANAGEMENT (UK) LTD are delivering continued and adequate GDPR compliance.

Introduction

As a hugely significant change to the global business landscape, it is critical that JOHN ALLEN MANAGEMENT (UK) LTD embraces all aspects of GDPR to maintain full compliance.


GDPR and Data Protection Strategy Statement

Last Updated: August 2023

At JOHN ALLEN MANAGEMENT (UK) LTD, we are steadfast in our commitment to uphold the principles and regulations set forth in the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).

This strategy document serves as a testament to our unwavering dedication to ensuring the privacy and security of personal data entrusted to us under both GDPR and DPA.

We recognise the ever-evolving landscape of data protection, and as such, this document is subject to review every six months, with necessary amendments made to maintain our commitment to compliance with both regulations.

The General Data Protection Regulation (GDPR), enacted by the European Union in April 2016, and the Data Protection Act 2018 (DPA), UK-specific legislation that complements GDPR, became enforceable on May 25, 2018.

These frameworks establish comprehensive rules for data protection and privacy, setting forth the rights of individuals and responsibilities for organisations regarding the collection, processing, and storage of personal data.

“GDPR came into effect on 25th May 2018, and has introduced a range of fresh guidelines spelling out the rights of consumers and dictating how companies can store and share information.”

This regulation represents a significant shift in the global business landscape, necessitating our full compliance under both GDPR and DPA.

Our commitment and pledge to GDPR and DPA compliance includes:

1. Data Protection Officer (DPO): We have appointed a Data Protection Officer who oversees our compliance efforts under both GDPR and DPA, ensuring adherence to all aspects of the regulations.

2. Data Mapping and Inventory: We maintain a comprehensive data processing inventory, documenting all data operations, including collection, processing, and storage, to facilitate compliance with both GDPR and DPA.

3. Data Access and Subject Rights: We have established procedures for handling data subject requests, including access, rectification, and erasure, enabling individuals to exercise their rights under both GDPR and DPA.

4. Data Security Measures: Our organisation has implemented robust security measures, including encryption, access controls, and regular security audits, to safeguard personal data under both regulations.

5. Breach Response Plan: We have a well-defined breach notification process that includes notifying authorities and affected individuals within the mandated timeframes specified under both GDPR and DPA.

6. Data Transfer Outside the EU: We ensure the protection of data transferred outside the European Union and UK through appropriate mechanisms and safeguards, in accordance with GDPR and DPA.

7. Third-Party Compliance: We collaborate with partner organisations, contractors, and third parties to establish commitments under both regulations, incorporate relevant contract terms, and enforce compliance controls.

8. Data Protection Impact Assessments (DPIAs): We conduct DPIAs as necessary to identify and mitigate risks to individuals' data rights, ensuring comprehensive data protection under both GDPR and DPA.


9. Employee Training: We prioritise employee training in compliance with GDPR and DPA, fostering a culture of responsibility and awareness.

10. Data Retention: Our data retention policies are clearly defined, specifying retention periods and the criteria used for determining them, in alignment with both regulations.

11. Regular Audits and Reviews: We regularly review and audit our data processing activities to assess legality, purpose, and compliance, ensuring continuous improvement under both GDPR and DPA.

12. Documentation and Records: We maintain meticulous records and documentation as mandated by both GDPR and DPA to demonstrate our commitment to transparency and accountability.

13. Consent Management: When consent is the lawful basis for data processing, we meticulously manage and document consent in compliance with requirements under both regulations.

14. Incident Reporting: Our internal procedures for reporting data protection incidents are clear, and our employees are aware of their obligations in reporting such incidents, in accordance with both GDPR and DPA.

15. Continuous Improvement: We remain committed to ongoing improvement in compliance with both GDPR and DPA, staying abreast of legal changes and best practices to protect personal data effectively.


“At JOHN ALLEN MANAGEMENT (UK) LTD, we wholeheartedly endorse the principles of GDPR and DPA, emphasising digital rights, transparency, and accountability in the collection and management of personal data.”

Our pledge is to honour these commitments and to evolve our GDPR and DPA strategy continually to align with emerging regulations and the evolving needs of our business and clients.
