General Data Protection Regulations 2018

PIMS GDPR Policy 2023

Quattro Group are committed to the effective and complaint management of the personal data we control. This policy details the leadership commitments the directors and senior management team of Quattro Group undertake to ensure the highest level of compliance with:

Data Protection Act 2018 – Chapter 12 (The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (S.I. 2019/419)) as amended

  • Data Protection Act 1998 -Chapter 29
  • BS ISO 10012:2017 - Data protection - Specification for personal information management systems PIMS
  • ISO/IEC 27001:2013 - Information Security Management System – Guidelines


Our 6 key management system principles for the processing of personal information:

  • All personal information shall be processed lawfully, fairly and in a transparent manner
  • Shall be collected for specific, explicit and legitimate purposes and only processed in accordance with the purpose(s) it is collected. Only.
  • Personal information data shall be limited, relevant and accurate as necessary for the purpose it is collected.
  • Personal information shall be kept up-to-date where required
  • Personal information shall be stored in a format adequate to readily identify the subject for no longer than necessary
  • All personal information shall be processed in a secure manner including unauthorised access controls

To ensure the security of personal data Quattro Group have invested significant resources in information technology systems:

  • ISO27001 Compliant Information technology infrastructure
  • Cyber Essentials ISO27001 penetration testing of Quattro Group networks
  • Citrix Information technology networks and data management

Our Citrix IT systems eliminate the most common forms of data breach ensuring data cannot be copied, removed or held on personal devices or Company laptops etc. Further levels of device password protection and Citrix password protection provide additional advanced security.

To reinforce our information technology infrastructure the Quattro Group Human Resources Team operate a robust management system compliant with the requirements of ISO10012 - Data protection - Specification for personal information management systems PIMS. This management system is regularly audited in conjunction with our British Standards Institute lead auditor and the Human Resources Team.

Where possible Quattro Group eliminate paper records however where required GDPR protected records are stored in secure locked cabinets accessible only by the Human Resources Team.


The Quattro Group PIMS processes include:

  • Data storage, retention, classification and erasure
  • Data processing, communication and transfer
  • Data user access control, access request, access violation & data breach
  • Emergency responses & disaster recovery
  • Training & competence
  • Data Controller Team DBS verification
  • Auditing, control of non-conformances and corrective action


John                                                          Reviewed By: Melanie Webb
Murphy,                                                                Date:  30th  May 2023
Managing Director                               Date of Next Review:  30th  May 2024