Ex Cathedra Solutions Limited is committed to ensuring that data is managed in an appropriate manner. We follow the data protection principles in all our work; in particular we want to ensure you have “no surprises” – transparency – in how we use data.
Staff guidance on data handling is given at https://excathedra.solutions/staff-guidance-on-data-handling/
All use of data is subject to the data protection principles which are (in summary) that data shall be:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant and limited to what is necessary
- Accurate and, where necessary, kept up to date
- Kept in a form which permits identification of data subjects for no longer than is necessary
- Processed in a manner that ensures appropriate security
Our policies and procedures are designed with this principles in mind.
Where data is not required to be identifiable, we shall use anonymised or pseudonymised data to minimise risk.
Our Director, Steve Durbin is our Senior Information Risk Owner and manages data issues. The company is not required by law to appoint a DPO (although it does act as an outsourced DPO for other organisations). You can contact him with any concerns via the contact us links on the website.
Training and Certifications
We require all staff concerned with management of other’s data to maintain training in data security and cyber security.
We are certified to Cyberessentials standard as an organisation.
Subject Access Requests and Data Subject Requests
We deal with all requests as required by the law. Please use the contact us link to register a request.
NHS National Data Opt-Out
We maintain training in the NHS National Data opt-out – however we do not process any data to which it applies.
This policy is reviewed annually. The last review was 1 May 2021.