As an IT support provider Network Limited has privileged access to the data held by our clients. We therefore take IT security and the GDPR very seriously.

Some of the steps that we have taken to meet with the GDPR are:

1. Extensive staff training on understanding what personal data is and limiting access to personal data to a "need to know basis" where possible.
2. Identifying where our clients store personal data and taking the necessary steps to ensure that personal data is carefully protected using encryption and two layers of password protection.
3. Extensive staff training on cyber security including regular reviews of the latest cyber threats and the internal sharing of information about the latest phishing and malware attacks.
4. Layered protection of usernames and password in double encrypted password vaults. Staff only have access to the usernames and passwords that they need to carry out their jobs.
5. Two factor authentication on all Network Limited accounts and services where available.
6. Regular patching of all routers and devices that Network Limited manage.
7. Further measures such as physical office security, implementation of Data Loss Prevention rules, use of password pushers, routine encryption of documents sent externally and other GDPR best practice policies.

Network are Cyber Essentials Certified. This certification is reviewed and renewed on a yearly basis. This certification ensures we are following correct processes and procedures as data handlers for customers.