Omnia depends on information and communications technology systems to operate its business and administrative functions. Security of these systems, the hardware and networks on which they reside and the data which they host is necessary both to honour Omnia’s obligations to providers of data (employees, suppliers, customers and sub-contractors) as required under UK GDPR (Articles 25 and 32) and to protect Omnia’s systems and data from damage, loss or corruption, whether accidental or deliberate.
Omnia employs best practice measures to ensure data security within its business; such measures include the use of strong passwords and encryption. Data is backed up in line with Omnia’s backup procedures. All servers and PCs containing sensitive data are protected by security software and a strong firewall.
In the usual course of business Omnia will not transfer data to any country outside the United Kingdom. If Omnia transfers any personal data outside the United Kingdom it will ensure that the personal data once transferred is subject to an adequate level of protection (whether through an adequacy decision or the implementation of appropriate safeguards) and enforceable data subject rights and effective legal remedies for data subjects are available.
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.
UK GDPR requires that a breach must be reported to the Information Commissioner’s Office (“ICO”) unless the personal data breach is unlikely to result in a risk to the rights and freedoms of individuals. The timeframe for reporting to the ICO is without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of the personal data breach. The timeframe for reporting to data subjects is without undue delay.
Omnia will risk assess whether any individuals, third parties or other stakeholders should be notified of the breach in accordance with the legislation. This will depend on the nature of the breach; any notification must be carefully managed. It is important to build a detailed understanding of the breach quickly to avoid providing misinformation when notifying. Where it is not possible to provide complete information in relation to a breach, the ICO requires that information is provided in phases as it becomes available without undue further delay.