The RNN Group will take your concern seriously and work with you to try to resolve any issues that you raise. Here are some tips from the Information Commissioners Office (ICO) to assist when you wish to raise a concern.
Data Breach
It is the duty of all RNN Group staff to report data breaches to the Data Protection Officer (DPO) as soon as they become ‘aware’ of a breach.
Awareness is defined as to when a member of staff has a reasonable degree of certainty that a security incident has occurred and that this has led to personal data being compromised.
Data breach reporting is not exclusive to RNN Group staff members, breaches can be reported by anyone to the DPO using the simple submission form below.
The decision to report a data breach, either to the Information Commissioners Office (ICO) or to the data subjects themselves, remains solely with the Group’s DPO.
The Data Protection Act 2018 explains that a personal data breach can be categorised as:
“Confidentiality breach” – Where there is an unauthorised or accidental disclosure of, or access to, personal data
“Availability breach” – Where there is an accidental or unauthorised loss of access to, or destruction of, personal data
“Integrity breach” – Where there is an unauthorised or accidental alteration of personal data
It should also be noted that, depending on the circumstances, a breach could concern confidentiality, availability and integrity of personal data at the same time, as well as any combination of these.
Click the following link for further guidance and examples for Identification and action
How to report a data breach
Should you wish to report a potential data breach to the RNN Group, then please complete our online form with the details and incident specifics then click on the ‘submit’ button to report the incident to the Information Governance (IG) team.
Once a breach is reported to the IG team they must react swiftly to any privacy issues when they arise, they will advise and change practice where necessary and are non-judgemental with their actions and findings.
It is vitally important that they act quickly; the Group only has 72 hours to formally report a data breach to the ICO.
It is recognised by the RNN Group that sanctions may be applicable should we fail in our obligations under the Data Protection Act 2018 to report a data breach to the ICO.
Please click the link below and use the electronic form to provide the RNN Group with the information it will need to process your concern:
You have the right to be confident that the RNN Group handles your personal information responsibly and in line with good practice.
You also have a right to raise a concern with the RNN Group where this relates to the handling of personal data.
If you have a concern about the way the RNN Group is handling your information, for example if you feel that the Group:
- is not keeping your information secure;
- holds inaccurate information about you;
- has disclosed information about you;
- is keeping information about you for longer than is necessary; or
- has collected information for one reason and is using it for something else,
then the Group will deal with your concern and take the appropriate action.
- Raise your concern quickly People move on, memories fade and records are deleted in line with retention policies. The longer it takes to raise your concern, the harder it will be to look into it thoroughly.
- Send it to the right place There’s no point in raising a matter quickly if it then takes weeks to get to the right department.
- Write legibly Typed or word processed documents are easiest to read. If you write your complaint by hand, make sure your writing is easy for others to understand.
- Keep your language simple Don’t feel that you have to quote legislation to raise a complaint. Just explain clearly and simply what has happened and, where appropriate, the effect it has had on you.
- Be specific If you have had a long relationship with the RNN Group, resist any temptation to include historical or unrelated complaints in your letter. This can confuse matters and leave the Group unsure which of your concerns you really want them to deal with.
- Don’t move the goalposts Include full details of your concern at the beginning, don’t raise additional unrelated matters as part of that complaint. However, if it appears that the Group has misunderstood you, or has not given a full response, you should let us know.
- Stay reasonable You may be justifiably angry or upset about what has happened. Keeping your letter calm and polite will help you get your points across more clearly. Remember that the person you are dealing with might have had nothing to do with the problem you had.
- Don’t get personal Don’t insult members of the Group’s staff. Apart from being unreasonable behaviour, the response may lack focus if a defensive stance is taken.
- Request and respect timescales Ask when you can expect the Group to respond and resist any temptation to contact them again before that. However, if you do not receive a response on time, you should chase it.
- Include all necessary information Include all relevant details to help the Group to identify you and your concern correctly.
- Include all necessary evidence Send copies of all the key documents you have to evidence your complaint. Don’t send the originals as you might need them later. Also, don’t include additional documentation ‘just in case’. The more documents you send, the more likely it is that key information will be missed.
The ICO website
The ICO offers some additional advice on their website, please see the following link for information regarding raising a complaint with organisations that re handling your personal data: Raising a concern with an organisation – ICO
If you feel that the RNN Group has been unable, or unwilling, to resolve your information rights concern, you can raise the matter with the ICO.
They will use the information you provide, including the Group’s response to your concerns, to decide if your concern provides an opportunity to improve information rights practice. You can contact the ICO regarding this on the following link : Your personal information concerns