Data Breach Policy
Recruitment Direct UK Limited
Herkimer House
Mill Road Industrial Estate
Linlithgow
EH49 7SF
Scotland
United Kingdom
1. Statement
Recruitment Direct UK Limited (“RDUK”, “we”, “our” or “us”) is committed to protecting personal information, confidential business information and company data.
This policy sets out the procedures for identifying, reporting, investigating and responding to actual or suspected data breaches in accordance with UK GDPR, the Data Protection Act 2018 and other applicable legal requirements.
2. Purpose
The purpose of this policy is to:
- Protect personal and confidential information.
- Ensure prompt reporting of data breaches.
- Minimise the impact of security incidents.
- Support compliance with UK GDPR and data protection legislation.
- Protect applicants, workers, clients and business operations.
- Support business continuity and recovery.
3. Scope
This policy applies to:
- Employees
- Workers
- Directors
- Contractors
- Consultants
- Suppliers with authorised access to company systems
The policy applies to all personal data and confidential information processed by Recruitment Direct UK Limited.
4. What Is a Data Breach?
A data breach is any event that results in the accidental or unlawful:
- Access to information.
- Disclosure of information.
- Loss of information.
- Destruction of information.
- Alteration of information.
- Unauthorised use of information.
Examples include:
- Sending information to the wrong recipient.
- Loss or theft of devices.
- Unauthorised access to systems.
- Cyber attacks.
- Malware infections.
- Accidental deletion of information.
- Disclosure of confidential information.
5. AI-Assisted Compliance and Monitoring
Recruitment Direct UK Limited may utilise artificial intelligence (“AI”), machine learning and automated technologies to support compliance, information security and data management activities.
These technologies may assist with:
- Identifying unusual system activity.
- Monitoring compliance processes.
- Identifying duplicate, incomplete or inaccurate records.
- Supporting GDPR compliance activities.
- Monitoring document expiry dates and retention periods.
- Supporting audit and reporting processes.
All AI-assisted activities remain subject to appropriate human oversight and review.
6. Reporting a Data Breach
Any actual or suspected data breach must be reported immediately to management.
Information that should be reported includes:
- Date and time of the incident.
- Nature of the breach.
- Information involved.
- Individuals potentially affected.
- Actions already taken.
Prompt reporting is essential to minimise risk and comply with legal obligations.
7. Investigation and Response
Recruitment Direct UK Limited will:
- Investigate reported incidents promptly.
- Assess the nature and severity of the breach.
- Identify affected information and individuals.
- Take steps to contain and mitigate the incident.
- Implement corrective actions where appropriate.
- Maintain records of breach investigations and outcomes.
8. ICO and Regulatory Reporting
Where required by law, Recruitment Direct UK Limited will report personal data breaches to the Information Commissioner's Office (ICO) without undue delay.
Where appropriate, affected individuals may also be informed.
9. Existing Security Controls
Recruitment Direct UK Limited maintains a range of security measures including:
- Cyber Essentials certification.
- Cloud-based data storage systems.
- Daily automated backups.
- Access controls and user permissions.
- Secure authentication procedures.
- Secure remote and hybrid working arrangements.
- AI-assisted compliance and database management technologies.
These controls are designed to reduce the likelihood and impact of data breaches.
10. Business Continuity and Recovery
Recruitment Direct UK Limited stores business and recruitment data within secure cloud-based systems.
Daily backups are maintained to support recovery, business continuity and operational resilience.
Where appropriate, recovery procedures will be implemented to restore access to systems and information following an incident.
11. Responsibilities
All employees, workers and authorised users are responsible for:
- Protecting personal and confidential information.
- Following company security procedures.
- Reporting actual or suspected breaches immediately.
- Co-operating with investigations where required.
12. Review
This policy will be reviewed annually or sooner if required by legislative, regulatory, technological or business changes.
Director Approval
I confirm that this Data Breach Policy has been reviewed and approved on behalf of Recruitment Direct UK Limited.
__________________________________________


