Rayfos is an innovative scientific software firm which provides state-of-the-art solutions and scientific applications to clients. We are extremely mindful as an employer of people and a company engaged in many high profile and important projects (such as with Horizon 2020) of the need to adopt strong standards of data protection in everything we do.

​

These data protection commitments summarise all the work we have done so far in compliance with the Data Protection Act 2018 and the General Data Protection Regulation (Regulation (EU) 2016/ 679 – the GDPR).
 

1. We have adopted an overarching data protection policy which guides our business and is available to all staff.

​

2. We have designed and written a privacy policy for employees – which helps us enormously to promote best practice in Rayfos and make our approach to privacy better understood and accessible to staff. This also helps us comply with the transparency and access-to-information requirements under articles 13 – 15 of the GDPR.

​

3. We have engaged professional advisers to help us with our GDPR compliance programme which is an ongoing schedule of work and review. This has led to the production of a GDPR preparation and implementation plan which is regularly reviewed.

​

4. We have launched a user-friendly data breach response protocol – which informs us of the key steps we need to take in the unlikely and unfortunate event of a data breach or cyber attack which impacts on the information, rights and freedoms of particular individuals.

​

5. We use a modern management information system, centrally controlled and overseen by our CEO. This deploys the latest Office 365 tools plus cloud storage and back up facilities which are continually monitored and protected.

​

6. To supplement our management information tools, we have recently produced a tailored data retention and disposals policy suited to Rayfos. In a modern age of data-hoarding, this helps us to keep on top of the relevance and “shelf-life” of all the data we hold, and commits us to safely removing unnecessary and obsolete data from the company.

​

7. We shall also be exploring appropriate training solutions and raising staff awareness of data protection law in both European context and a UK context where we are domiciled.

​

8. We continue to keep our compliance with data protection law under continuous review and will adopt a strong but proportionate approach to ensuring the safety and security of any personal data we control or process moving forwards