INFORMATION

At O'Brien Consultancy Group, I understand the importance of data privacy and security. This Data Handling Policy outlines how I manage and protect the data of all those accessing or using the services. I am committed to ensuring your data is handled securely and ethically. Explore the details below to understand how OCG  protects your information.

 

 

PROTECTING YOUR PRIVACY

We recognize that privacy is a paramount concern for individuals and organizations alike. At O'Brien Consultancy Group, we are dedicated to addressing these concerns through transparent and robust data handling practices. This policy serves as a guide to understanding how we collect, use, and safeguard your data.

OCG COMMITMENT TO SECURITY 

O'Brien Consultancy Group employs rigorous measures to ensure data is handled securely and ethically. Our Data Handling Policy is the cornerstone of this commitment, outlining specific procedures and protocols designed to protect your information from unauthorized access, use, or disclosure. By adhering to this policy, we maintain the highest standards of data protection.

UNDERSTANDING DATA PROTECTION

OCG's aim is that after reading this policy, you will have a clear understanding of how O'Brien Consultancy Group protects your data. OCG want you to feel confident that your information is handled with the utmost care and in compliance with all applicable data protection laws and regulations. If you have any questions or concerns, please do not hesitate to contact OCG.

DATA HANDLING POLICY 

 

Effective Date: 01/11/2025
Last Reviewed: 10/10/2025
Next Review Date: 10/10/2026

  1. Purpose

This policy explains how O'Brien Consultancy Group collects, processes, protects, and shares personal data from consultancy services for care providers and special schools, ensuring compliance with UK GDPR and other laws.

  1. Scope

Applies to:

  • All O'Brien Consultancy Group staff, contractors, and consultants
  • Personal and sensitive data from business activities
  • Data from clients, service users (children, residents), and employees
  1. Data Principles

We follow UK GDPR's seven principles. Personal data must be:

  • Processed lawfully, fairly, and transparently
  • Collected for legitimate purposes
  • Limited to what is necessary
  • Accurate and up-to-date
  • Stored only as long as necessary
  • Processed securely
  • Accountability ensured
  1. Types of Data Collected

We process:

  • Client data (name, role, contact, billing)
  • Service user data (case summaries, care plans, anonymised assessments)
  • Employee data (ID, qualifications, payroll, DBS checks)
  • Website data (enquiries, analytics, cookies)
  1. Lawful Basis for Processing

We process data under:

  • Contractual necessity – fulfilling agreements
  • Legal obligation – meeting safeguarding and regulations
  • Legitimate interests – improving services and relationships
  • Consent – newsletters, case studies
  • Vital interests – protecting individuals
  1. Data Collection and Use

Data is collected via:

  • Contact forms, enquiries
  • Email, phone, video calls
  • Consultancy reports, audits
  • Staff onboarding

It is used for:

  • Providing services
  • Compliance audits
  • Communication
  • Admin and billing
  • Legal duties
  1. Data Storage and Security

Data security measures include:

  • Encrypted electronic storage
  • Locked physical records
  • Restricted data access
  • Password-protected devices
  • Encrypted emails
  • GDPR-compliant cloud providers
  1. Data Sharing

Data is shared with:

  • Regulatory or safeguarding bodies (as required)
  • Contractors under agreements
  • IT/admin service providers under GDPR compliance

We do not sell or share data for marketing purposes.

  1. Data Retention

Retention periods:

  • Client records – retained for years post-project
  • Employee records – 6 years post-employment
  • Anonymised data – for training/research with consent

Data is securely deleted after retention expires.

  1. Data Subject Rights

Individuals can:

  • Access, correct, or delete their data
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent anytime

Contact the Data Protection Officer at 📧 [Insert contact email]. Responses within one month.

  1. Data Breach Procedure

Report breaches to the Data Protection Officer. The DPO will:

  • Assess and contain issues
  • Log breach details
  • Notify ICO and affected parties if required
  • Prevent recurrence
  1. Staff Responsibilities

All staff must:

  • Comply with this policy
  • Complete annual training
  • Report breaches or misuse

Non-compliance may lead to disciplinary action.

  1. Data Protection Officer

Name: Kieron O'Brien
Email: obrienconsultancygroup@gmail.com