Back to home

UK GDPR & Data Protection Policy

JN Compliance & Safety Solutions Ltd — Version 1.0, May 2026

1. Policy Statement

JN Compliance & Safety Solutions Ltd is committed to protecting all personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We collect only the minimum data required, process it lawfully and fairly, and store it securely using appropriate technical and organisational measures. We ensure transparency, accuracy, confidentiality and accountability in all data-handling activities.

2. Scope, Purpose & Privacy

This policy applies to all personal data processed by JN Compliance & Safety Solutions Ltd, including:

  • Clients and landlords
  • Tenants (where compliance services require access to tenancy information)
  • Employees and subcontractors
  • Suppliers and business contacts
  • Website and social media users

3. Responsibilities

Director

  • Ensures overall compliance with UK GDPR.
  • Approves policies, procedures and annual reviews.

Compliance Manager / Data Lead

  • Manages data storage, access, retention and disposal.
  • Maintains Records of Processing Activities (ROPA).
  • Oversees breach reporting and investigation.
  • Ensures privacy notices and consent processes are accurate and up to date.

Employees & Subcontractors

  • Follow all data protection procedures and training.
  • Handle personal data responsibly.
  • Report suspected breaches immediately.

4. UK GDPR Principles

  1. Lawfulness, fairness and transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality
  7. Accountability

5. Security & Confidentiality

  • Encrypted digital storage
  • Password-protected systems
  • Secure cloud platforms
  • Restricted access for authorised personnel only
  • Locked physical storage where applicable
  • Regular security reviews and updates

6. Data Classification

  • Personal data — names, contact details, property information
  • Special category data — processed only when necessary (e.g. health information for risk assessments)
  • Confidential business data — compliance reports, contractor information, internal documentation

7. Identity & Access Control Policy

  • Unique user accounts
  • Strong password requirements
  • Two-factor authentication (where available)
  • Access logs and monitoring
  • Immediate removal of access when staff leave the business

8. Compliance Requirements

  • UK GDPR
  • Data Protection Act 2018
  • ICO guidance
  • Industry-specific compliance requirements (e.g. landlord safety documentation, contractor records)

9. Staff Training

  • Password security procedures
  • Secure browsing habits
  • Workplace social media policy
  • Environmental controls (verifying contractors, avoiding shoulder-surfing, logging out of systems)
  • Data management and privacy
  • Understanding data classification and confidentiality levels
  • Legal responsibilities under UK GDPR

Training is refreshed annually or when legislation changes.

10. Data Collection

  • Client and landlord contact details
  • Property information
  • Compliance documentation
  • Tenant details (where required for safety checks)

11. Data Storage & Retention

Data is stored securely using encrypted systems and secure cloud platforms. Retention periods are based on legal requirements, contractual obligations and business needs. Data is deleted or anonymised when no longer required.

12. Data Sharing

  • Accredited assessors
  • Certification bodies
  • Legal authorities (if required)
  • Subcontractors working under confidentiality agreements

We never sell personal data.

13. Privacy Notice

Our Privacy Notice includes company contact details, lawful basis for processing, types of data collected, how data is used, who it is shared with, retention periods, rights of individuals, the complaints process (ICO) and whether automated decision-making is used (currently none).

14. Subject Access Requests (SARs)

  • Acknowledged promptly
  • Completed within 30 days
  • Logged and recorded
  • Provided free of charge unless excessive or repetitive

15. Children's Data

JN Compliance & Safety Solutions Ltd does not routinely process children's data. If this changes, parental consent will be required for anyone under 13, and additional safeguards will be implemented.

16. Data Breach Management

  1. Identify and contain the breach
  2. Assess risk and impact
  3. Notify affected individuals (if required)
  4. Report to the ICO where legally required
  5. Record the incident and corrective actions

17. Review & Approval

This policy will be reviewed annually or sooner if legislation changes.

Signed: J Noon
Director – JN Compliance & Safety Solutions Ltd
Date: May 2026 · Review: Annual