Data Breach Policy

    Recruitment Direct UK Limited

    Herkimer House

    Mill Road Industrial Estate

    Linlithgow

    EH49 7SF

    Scotland

    United Kingdom

    Document Owner: Recruitment Direct UK Ltd
    Version: 1.0
    Effective Date: 11 June 2026
    Review Date: 11 June 2027

    1. Statement

    Recruitment Direct UK Limited (“RDUK”, “we”, “our” or “us”) is committed to protecting personal information, confidential business information and company data.

    This policy sets out the procedures for identifying, reporting, investigating and responding to actual or suspected data breaches in accordance with UK GDPR, the Data Protection Act 2018 and other applicable legal requirements.

    2. Purpose

    The purpose of this policy is to:

    • Protect personal and confidential information.
    • Ensure prompt reporting of data breaches.
    • Minimise the impact of security incidents.
    • Support compliance with UK GDPR and data protection legislation.
    • Protect applicants, workers, clients and business operations.
    • Support business continuity and recovery.

    3. Scope

    This policy applies to:

    • Employees
    • Workers
    • Directors
    • Contractors
    • Consultants
    • Suppliers with authorised access to company systems

    The policy applies to all personal data and confidential information processed by Recruitment Direct UK Limited.

    4. What Is a Data Breach?

    A data breach is any event that results in the accidental or unlawful:

    • Access to information.
    • Disclosure of information.
    • Loss of information.
    • Destruction of information.
    • Alteration of information.
    • Unauthorised use of information.

    Examples include:

    • Sending information to the wrong recipient.
    • Loss or theft of devices.
    • Unauthorised access to systems.
    • Cyber attacks.
    • Malware infections.
    • Accidental deletion of information.
    • Disclosure of confidential information.

    5. AI-Assisted Compliance and Monitoring

    Recruitment Direct UK Limited may utilise artificial intelligence (“AI”), machine learning and automated technologies to support compliance, information security and data management activities.

    These technologies may assist with:

    • Identifying unusual system activity.
    • Monitoring compliance processes.
    • Identifying duplicate, incomplete or inaccurate records.
    • Supporting GDPR compliance activities.
    • Monitoring document expiry dates and retention periods.
    • Supporting audit and reporting processes.

    All AI-assisted activities remain subject to appropriate human oversight and review.

    6. Reporting a Data Breach

    Any actual or suspected data breach must be reported immediately to management.

    Information that should be reported includes:

    • Date and time of the incident.
    • Nature of the breach.
    • Information involved.
    • Individuals potentially affected.
    • Actions already taken.

    Prompt reporting is essential to minimise risk and comply with legal obligations.

    7. Investigation and Response

    Recruitment Direct UK Limited will:

    • Investigate reported incidents promptly.
    • Assess the nature and severity of the breach.
    • Identify affected information and individuals.
    • Take steps to contain and mitigate the incident.
    • Implement corrective actions where appropriate.
    • Maintain records of breach investigations and outcomes.

    8. ICO and Regulatory Reporting

    Where required by law, Recruitment Direct UK Limited will report personal data breaches to the Information Commissioner's Office (ICO) without undue delay.

    Where appropriate, affected individuals may also be informed.

    9. Existing Security Controls

    Recruitment Direct UK Limited maintains a range of security measures including:

    • Cyber Essentials certification.
    • Cloud-based data storage systems.
    • Daily automated backups.
    • Access controls and user permissions.
    • Secure authentication procedures.
    • Secure remote and hybrid working arrangements.
    • AI-assisted compliance and database management technologies.

    These controls are designed to reduce the likelihood and impact of data breaches.

    10. Business Continuity and Recovery

    Recruitment Direct UK Limited stores business and recruitment data within secure cloud-based systems.

    Daily backups are maintained to support recovery, business continuity and operational resilience.

    Where appropriate, recovery procedures will be implemented to restore access to systems and information following an incident.

    11. Responsibilities

    All employees, workers and authorised users are responsible for:

    • Protecting personal and confidential information.
    • Following company security procedures.
    • Reporting actual or suspected breaches immediately.
    • Co-operating with investigations where required.

    12. Review

    This policy will be reviewed annually or sooner if required by legislative, regulatory, technological or business changes.

    Director Approval

    I confirm that this Data Breach Policy has been reviewed and approved on behalf of Recruitment Direct UK Limited.

    Name: Steven Peddie
    Position: Director
    Date: 11 June 2026
    Signature: __________________________________________
