GDPR
Your data is in safe hands with us. We safeguard your data across a number of platforms. Your information is secure across our network of computer systems with Microsoft Intune Policies, Cliniko, Active Directory, Microsoft Defender & BitLocker.
Introduction
The EU General Data Protection Regulation (“GDPR”) came into force on 25 May 2018.
The new Regulation aims to standardise data protection laws and processing across the EU, giving people greater rights to access and control their personal information.
Our Commitment
Taylor organisation Ltd, T/AS FOOT CARE, are committed to ensuring the protection of all personal information that we hold. We recognise our obligations in updating and expanding this program to meet the requirements of GDPR.
Taylor organisation Ltd, T/AS FOOT CARE, Partners & affiliates are dedicated to safeguarding the personal information under our control and to maintaining a system that meets our obligations under the regulations. Our practice is summarised below.
Security
Practitioners trust Cliniko with the safe-keeping of millions of confidential client records every day. Security isn’t just fine-print for us: it’s a central feature and shapes every decision we make.
Ultra-secure facilities
Cliniko is hosted in state-of-the-art datacenter facilities. Physical access is controlled at the perimeter and building entry points by professional security staff using video surveillance, intrusion detection systems, and other electronic means.
High availability
We use datacentre facilities that are built in clusters. In case of failure, automated processes move customer data traffic away from the affected area and into other sites that are functioning properly. It all occurs behind the scenes, and you won’t even notice when it’s happening.
Encryption
Whenever your data is sent between us and Cliniko, it’s encrypted using HTTPS (end-to-end encryption). We use a 2048-bit SSL certificate for encryption in transit. All data is also encrypted at rest and backed up daily, using the industry-standard AES-256 encryption algorithm.
Here’s what it means: all data shared between you and Cliniko is transmitted and stored securely. No one can read the information except for you and us. Plus, Cliniko refreshes your backup every day to make sure it stays current. In addition to Cliniko, your data may be stored with Microsoft, Microsoft Azure or our web hosting partner, such as GoDaddy.
Accreditations and Certifications
We choose our partners carefully. Cliniko's hosting partner, Amazon Web Services (AWS), has achieved the following accreditations and certifications:
· PCI DSS Level 1 (Payment Card Industry Data Security Standard)
· ISO 27001 (Information Security Management System)
24/7/365 Monitoring
Cliniko is monitored 24 hours a day, 7 days a week, 365 days a year. If something goes wrong, we’ll be the first to know about it, and our team will jump into action straight away—no matter when it happens!
Backups
Cliniko data is backed up daily. Backups are redundantly stored in multiple physical locations. Data is also constantly streamed to replica databases for up-to-the-second redundancy.
In other words, we’ve got backups for your backups and a contingency in place to handle any potential interruptions to the storage process. Don’t forget that you can also export your data at any time and create your own backups too.
Taylor organisation Ltd, T/AS FOOT CARE, already have a consistent level of data protection and security across our organisation, but we have introduced new measures to ensure additional compliance.
· Policies and Procedures — we have checked data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
o Data Protection - our main policy and procedure document for data protection has been revised to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy and the rights of individuals.
o Data Retention and Erasure - we have updated our retention policy and schedule to ensure that we meet the "data minimisation" and "storage limitation" principles and that personal information is stored, archived and destroyed in accordance with our obligations. We have procedures in place to meet the new "Right to Erasure" obligation.
o Data Breaches - our procedures ensure that we have safeguards in place to identify, assess, investigate and report any personal data breach as early as possible. Our procedures have been explained to all employees.
o International Data Transfers and Third-Party Disclosures - where Taylor organisation Ltd, T/AS FOOT CARE, stores or transfers personal information outside the EU, we have robust procedures in place to secure the integrity of the data. Our procedures include a continual review of the countries with sufficient adequacy decisions, as well as binding rules, or standard data protection clauses for those countries without.
· Privacy Notice/Policy - we have revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
· Obtaining Consent - we have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it, and giving clear, defined ways to consent to us processing their information.
· Direct Marketing - we have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
· Data Protection Impact Assessments (DPIA) - where we process personal information that is considered high risk, we have developed stringent procedures for carrying out impact assessments that comply fully with the GDPR's Article 35 requirements. We have implemented documentation processes that record each assessment, allow us to rate the risk posed by the processing activity and implement mitigating measures to reduce the risk posed to the data subject(s).
· Processor Agreements - where we use any third party to process personal information on our behalf (i.e. Payroll, Recruitment, Hosting, etc.), we have drafted compliant Processor Agreements and due diligence procedures for ensuring that they meet and understand their/our GDPR obligations.
Data Subject Rights
We provide easy-to-access information via [our website, in the office, during induction, etc] of an individual’s right to access any personal information that Taylor organisation Ltd, T/AS FOOT CARE, Partners & affiliates processes about them and to request information about:
· what personal data we hold about them
· the purposes of the processing
· the categories of personal data concerned
· the recipients to whom the personal data has/will be disclosed
· how long we intend to store their personal data for
· if we did not collect the data directly from them, information about the source
· the right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
· the right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
· the right to lodge a complaint or seek judicial remedy and who to contact in such instances.
Information Security and Technical and Organisational Measures
Taylor organisation Ltd, T/AS FOOT CARE, Partners & affiliates take the privacy and security of individuals and their personal information very seriously and take every reasonable measure to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction.
GDPR Roles and Employees
Taylor organisation Ltd, T/AS FOOT CARE, Partners & affiliates have a designated individual as our Data Protection Officer (DPO).
Taylor organisation Ltd, T/AS FOOT CARE, Partners & affiliates understand that continuous employee awareness and understanding is vital to continued compliance with the GDPR.
If you have any questions about our GDPR compliance policies, please contact Taylor organisation Ltd via the contact methods below. If you have any questions, please contact us at: compliance@taylororganisation.org
Microsoft Intune can help you keep your managed devices secure and up to date while helping you to protect your organization's data from compromised devices. Data protection includes controlling what users do with an organization's data on both managed and unmanaged devices. Data protection also extends to blocking access to data from devices that might be compromised.
This article highlights many of Intune's built-in capabilities and partner technologies you can integrate with Intune. As you learn more about them, you can bring several together for more comprehensive solutions on your journey towards a zero-trust environment.
From the Microsoft Intune admin centre, Intune supports managed devices that run Android, iOS/iPadOS, Linux, macOS, and Windows 10 and Windows 11.
When you use Configuration Manager to manage on-premises devices, you can extend Intune policies to those devices by configuring tenant attach or co-management.
Intune can also work with information from devices that you manage with third-party products that provide device compliance and mobile threat protection.
Protect devices through policies
Deploy Intune's endpoint security, device configuration, and device compliance policies to configure devices to meet your organization's security goals. Policies support one or more profiles, which are the discrete sets of platform-specific rules you deploy to groups of enrolled devices.
- With endpoint security policies, deploy security-focused policies that are designed to help you focus on the security of your devices and mitigate risk. The available tasks can help you identify at-risk devices, remediate those devices, and restore them to a compliant or more secure state.
- With device configuration policies, manage profiles that define the settings and features that devices use in your organization. Configure devices for endpoint protection, provision certificates for authentication, set software update behaviors, and more.
- With device compliance policies, you create profiles for different device platforms that establish device requirements. Requirements can include operating system versions, the use of disk encryption, or being at or under specific threat levels as defined by threat management software.
Intune can safeguard devices that aren't compliant with your policies and alert the device user so they can bring the device into compliance.
When you add Conditional Access to the mix, configure policies that allow only compliant devices to access your network and organization's resources. Access restrictions can include file shares and company email. Conditional Access policies also work with the device state data reported by third-party device compliance partners you integrate with Intune.
Following are a few of the security settings and tasks you can manage through available policies:
- Device encryption – Manage BitLocker on Windows 10 devices, and FileVault on macOS.
- Authentication methods – Configure how your devices authenticate to your organization's resources, email, and applications.
  - Use certificates for authentication to applications, your organization's resources, and for signing and encryption of email using S/MIME. You can also set up derived credentials when your environment requires the use of smartcards.
  - Configure settings that help limit risk, like:
    - Require multi-factor authentication (MFA) to add an extra layer of authentication for users.
    - Set PIN and password requirements that must be met before gaining access to resources.
    - Enable Windows Hello for Business for Windows 10 devices.
- Virtual private networks (VPNs) – With VPN profiles, assign VPN settings to devices so they can easily connect to your organization's network. Intune supports several VPN connection types and apps, including built-in capabilities for some platforms and both first- and third-party VPN apps for devices.
- Software updates – Manage how and when devices get software updates. The following are supported:
  - Android firmware updates:
    - Firmware Over-the-Air (FOTA) - Supported by some OEMs, you can use FOTA to remotely update firmware of devices.
    - Zebra LifeGuard Over-the-Air (LG OTA) - Manage firmware updates for supported Zebra devices through the Intune admin centre.
  - iOS - Manage device operating system versions, and when devices check for and install updates.
  - macOS - Manage software updates for macOS devices that enrolled as supervised devices.
  - Windows 10 - You can manage the Windows Update experience for devices. You can configure when devices scan or install updates, hold a set of your managed devices at specific feature versions, and more.
- Security baselines – Deploy security baselines to establish a core security posture on your Windows 10 devices. Security baselines are preconfigured groups of Windows settings that come recommended by the relevant product teams. You can use baselines as provided or edit instances of them to meet your security goals for targeted groups of devices.
Protect data through policies
Intune-managed apps and Intune's app protection policies can help stop data leaks and keep your organization's data safe. These protections can apply to devices that are enrolled with Intune and to devices that aren't.
- Intune-managed apps (or managed apps for short) are apps that have been integrated with the Intune App SDK or wrapped by the Intune App Wrapping Tool. These apps can be managed using Intune app protection policies. To view a list of publicly available managed apps, see Intune protected apps.
  Users can use managed apps to work with both your organization's data and their own personal data. However, when app protection policies require the use of a managed app, the managed app is the only app that can be used to access your organization's data. App protection rules don't apply to a user's personal data.
- App protection policies are rules that ensure an organization's data remains safe or contained in a managed app. The rules identify the managed app that must be used and define what can be done with the data while the app is in use.
The following are examples of protections and restrictions you can set with app protection policies and managed apps:
- Configure app-layer protections, like requiring a PIN to open an app in a work context.
- Control the sharing of an organization's data between apps on a device, like blocking copy and paste, or screen captures.
- Prevent the saving of your organization's data to personal storage locations.
Use device actions to protect devices and data
From the Microsoft Intune admin centre, you can run device actions that help keep a selected device protected. You can run a subset of these actions as bulk device actions to affect multiple devices at the same time. And several remote actions from Intune can also be used with co-managed devices.
Device actions aren't policy and take effect a single time when invoked. They apply either immediately if the device is accessible online, or when the device next boots up or checks in with Intune. Consider these actions as supplemental to the use of policies that configure and maintain security configurations for a population of devices.
Following are examples of actions you can run that help secure devices and data:
Devices managed by Intune:
- BitLocker key rotation (Windows only)
- Disable Activation Lock (iOS only)
- Full or Quick scan (Windows 10 only)
- Remote lock
- Retire (which removes your organization's data from the device while leaving personal data intact)
- Update Microsoft Defender Security Intelligence
- Wipe (factory reset the device, removing all data, apps, and settings)
Last reviewed: 18/03/2024