Data Security Policy

1. Introduction

This Data Security Policy is issued by Anra Deals LTD (hereafter referred to as "we", "us", or "our") and sets out our commitment to protecting the security of sensitive personal and confidential information. This policy complies with relevant legislation including, but not limited to, the Data Protection Act 2018, the Health & Social Care Act 2012, and the Common Law duty of confidentiality.

2. Purpose

The purpose of this policy is to outline the measures we take to prevent data security breaches and to define the actions we will take if a breach occurs. A data breach is any incident that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. Our goal is to protect the confidentiality, integrity, and availability of all data we process.

This policy specifically covers:

Physical access controls and procedures;
Digital access management and authentication;
Monitoring and logging of data access;
Regular audits and reviews of data security practices;
Incident response and breach notification procedures.

3. Scope

This policy applies to all personal and confidential data processed by Anra Deals LTD, regardless of format—whether electronic, paper-based, or other media. This includes special categories of data as defined by data protection legislation.

The policy is applicable to all personnel who have access to this data, including permanent employees, temporary workers, contractors, and third-party service providers engaged by Anra Deals LTD.

4. Physical Access Controls

We ensure that physical access to data storage areas is strictly controlled and limited to authorised personnel only. Access badges, secure locks, and visitor logs are maintained to prevent unauthorised entry.

5. Digital Access and Authentication

Digital access to sensitive systems and data is protected by robust authentication mechanisms such as strong passwords, two-factor authentication where applicable, and role-based access controls to ensure users can only access the data necessary for their roles.

6. Monitoring and Auditing

We continuously monitor access to sensitive data and conduct regular audits of our security controls to detect and prevent unauthorised activities. Any anomalies or suspicious behaviour are investigated promptly.

7. Data Breach Response

In the event of a data breach, we have established procedures to respond quickly and effectively. This includes containment, assessment, mitigation, notification to regulatory bodies if required, and communication with affected individuals where appropriate.

8. Training and Awareness

All staff and contractors receive regular training on data security best practices and their responsibilities in protecting personal information. We promote a culture of security awareness throughout the organisation.