
Data Security Policy

Introduction

Obliquity Group Limited is committed to ensuring the security and confidentiality of all data entrusted to us by our customers, partners, and employees. This Data Security Policy outlines the measures we take to safeguard data and mitigate risks associated with data breaches.

Scope

This policy applies to all employees, contractors, and third parties who have access to Obliquity Group's systems, networks, or data.

Data Classification

Data should be classified based on its sensitivity and importance to the organisation. Classification levels may include:

  • Public: Information intended for public dissemination, with no confidentiality requirements.

  • Internal: Data for internal use only, not to be shared outside the organisation.

  • Confidential: Highly sensitive information, such as customer data, financial records, or intellectual property.

Data Handling

  • Access Control: Access to data should be restricted to authorised personnel only, based on the principle of least privilege.

  • Encryption: All sensitive data should be encrypted during transmission and storage using industry-standard encryption protocols.

  • Data Retention: Data should be retained only for as long as necessary and in compliance with legal and regulatory requirements (e.g. GDPR). Once data is no longer needed, it should be securely deleted or anonymised.

  • Data Sharing: Data should be shared only with authorised parties and in accordance with data sharing agreements and protocols.

  • Remote Access: Remote access to Obliquity Group's systems and data should be secured using multi-factor authentication and encrypted connections.

  • Data Standards: All data must be securely stored in a database that has achieved ISO 27001 and SOC 2 standards.

Data Breach Response

In the event of a data breach, Obliquity Group will:

  1. Immediately contain the breach to prevent further unauthorised access.

  2. Notify affected individuals and regulatory authorities as required by law.

  3. Conduct a thorough investigation to determine the cause of the breach and implement corrective actions to prevent future incidents.

  4. Provide support and assistance to affected parties, including credit monitoring services if necessary.

Data Erasure Request Clause

Under the General Data Protection Regulation (GDPR), individuals (data subjects) have the right to request the erasure of their personal data. Obliquity Group is committed to upholding this right and has established the following procedures to handle such requests:

1. Submission of Requests:

  • Requests for erasure of personal data must be submitted in writing to our Data Protection Officer (DPO) at simon@obliquitygroup.com.

  • The request should include the individual's full name, contact details and a description of the data to be erased.

2. Verification Process:

  • Obliquity Group will verify the identity of the individual making the request to ensure the security of personal data.

3. Response Time:

  • We will acknowledge receipt of the request within 7 days.

  • We will respond to the request within 30 days of receipt, informing the individual of the action taken.

4. Assessment and Action:

  • The DPO will assess the request against GDPR criteria to determine its validity.

  • If valid, Obliquity Group will erase the personal data from our records and inform the individual of the completion of this action.

  • If denied, Obliquity Group will provide the individual with the reason for the denial.

5. Exceptions:

  • Requests may be refused if the data is required to comply with a legal obligation, to establish, exercise, or defend legal claims, or to perform a task carried out in the public interest.

Employee Responsibilities

All employees are responsible for:

  • Understanding and adhering to this Data Security Policy.

  • Reporting any suspected or actual security incidents or breaches to the appropriate authorities.

  • Safeguarding data in their possession and using it only for authorised purposes.

Training and Awareness

Obliquity Group will provide regular training and awareness programmes to ensure that employees understand their responsibilities regarding data security and privacy.

Policy Review

This Data Security Policy will be reviewed and updated regularly to reflect changes in technology, regulations, and business practices.

Enforcement

Violation of this policy may result in disciplinary action, up to and including termination of employment or legal action, depending on the severity of the violation.

Simon Kelly (Managing Director)
