Statement of compliance with the EU General Data Protection Regulations (GDPR)

At Johnson Electrical, we are fully committed to compliance with the letter and the spirit of the GDPR and other relevant UK data protection law. Where you entrust us with personal information, we take our responsibilities as a data processor and trusted custodian very seriously.

Organisational measures

All of our staff and agents are contractually bound to keep personal information confidential. The importance of this is regularly reiterated in staff training and awareness as well as company policy and processes. Customer-facing staff are also given training in ensuring that data subject rights are protected and that any breaches are reported without delay. We record all breaches, however minor, and near misses and we review this information to help us to continually improve our service. We undertake background checks on all staff, contractors and agents before they are permitted access to personal information.

Technical measures

Staff are not permitted to copy protected information onto their personal IT devices (laptops, smart phones, tablets, USB sticks, or cloud storage services) or to make copies of information for their own personal use in any form whatsoever. All systems containing personal information are protected by (at least) strong passwords and protection from brute-force attacks. Users are not permitted to share login credentials and are obliged to change credentials whenever they suspect another person may have learned them. Where appropriate and feasible, additional security measures such as two-factor authentication, encryption and activity alerts are also employed. All transfers of personal information over the Internet use encryption unless you have specifically asked us to use email (which is not inherently secure). We are continually reviewing and improving our technical security measures in line with the guidance of our IT service providers and general guidance on best practice.

Process and policy

We have carried out a data protection audit and maintain records in accordance with Article 30. We have adopted a general statement of policy which sets out our company commitment and the responsibilities that we have. We have carried out due diligence on all suppliers, professional advisers and service providers that we share personal information with and are in the process of arranging new contracts containing the mandatory provisions for data processors. We have reviewed our existing policies and processes with regard to data protection to ensure they comply with the new requirements and we have updated our privacy notices accordingly. We are also introducing robust processes to deal with data subject requests and breach notifications within the required time frames. If you have any further questions regarding our GDPR compliance, please address them to: Martin Johnson,