Data Protection & Cyber Security

Introduction

At the National Residential Landlords Association (NRLA), we take the protection of our members' personal data very seriously. We have implemented a comprehensive set of measures to ensure that your information is secure and handled with the utmost care. Here are the steps we take to protect your personal data:

1. Robust Data Protection Policies

Our data protection policies are designed to comply with the Data Protection Act 2018 and other relevant legislation. We conduct annual reviews of our data protection position to ensure compliance and identify areas for improvement.

2. Regular Training and Awareness

We believe that the human element is crucial in data protection. Therefore, we provide regular training and awareness sessions for our staff to ensure they are up-to-date with the latest data protection practices.

3. Secure Data Handling

All personal data is stored in encrypted databases, both in transit and at rest. This ensures that your information is protected from unauthorised access.

4. Regular Audits and Reviews

We conduct regular audits and reviews of our data protection and cyber-security measures. This includes penetration testing, Cyber Essentials Plus certification, and ISO27001 reviews.

5. Incident Management

In the unlikely event of a data breach, we have a robust incident management process in place. Our Data Protection Manager maintains a register of personal data breaches, which is reviewed annually by our board of directors to identify trends and mitigate future risks.

6. Use of Advanced Technologies

We utilise advanced technologies such as Microsoft Intune to manage and secure devices that access NRLA data. This includes both company-issued devices and personal devices used by our staff.

7. External Expertise

We work with external specialists to ensure our data protection and cyber-security measures are up to industry standards. This includes regular consultations and reviews by our retained Data Protection Officer.

8. Transparency and Accountability

We are committed to transparency and accountability in our data protection practices. We report quarterly to our board on data protection and cyber-security matters and carry out two annual reviews of our protections and procedures.

9. Cyber Essentials Plus and IASME Accreditation

We are proud to have achieved Cyber Essentials Plus and IASME accreditation, demonstrating our commitment to maintaining the highest standards of cyber-security and data protection.

10. Commitment to GDPR Compliance

We are fully committed to complying with the General Data Protection Regulation (GDPR). This includes ensuring that all personal data is processed lawfully, fairly, and transparently. We have appointed Evalian Limited as our outsourced Data Protection Officer to oversee our GDPR compliance efforts1.

By implementing these measures, we aim to provide our members with the confidence that their personal data is safe and secure with the NRLA.