General Data Protection Regulations

The General Data Protection Regulation (GDPR) comes into force on 25th May 2018.

This section sets out information, for customers, suppliers, and others that have a relationship with Oyster Consultants Limited, on Oyster Consultants Limited’s GDPR compliance.

Data Protection Officer

Oyster Consultants Limited does not require a Data Protection Officer.  Rachael Harris, Director, leads on all data protection issues.

Processing of Data

Oyster Consultants Limited deals directly with consumers and businesses. All information about people, irrespective of whether it is a business or consumer, will be treated with the same level of care.

Oyster Consultants Limited is both Controller and Processor of the data that it holds.  It uses data to:

  • Filter and select candidates
  • Create contracts with both customers and suppliers
  • Raise invoices
  • Pay invoices
  • Communicate
  • Prove eligibility to work in the UK

No unnecessary data is held.

Data is held in four ways:

  • Data Server
  • Accounting Software
  • E-mail
  • Mailing Service

Data is accessed by desktop/laptop and mobile devices.  All such devices have password or other device-specific security.  All passwords are complex.

Data Server

Oyster Consultants Limited holds data securely through OneDrive for Business services. This policy is backed by Microsoft agreements and reaffirmed by the adoption by many Microsoft services of the world’s first international code of practice for cloud privacy, ISO/IEC 27018.

Accounting Software

We use Sage to processes accounting information.  Our Accountant accesses Sage to prepare end-of-year accounts.


Oyster Consultants Limited uses Office365 for e-mail, with local copies of e-mail on laptops.  All laptops are password secured and encrypted.

Access to Data

Should you want to see, or obtain a copy of, the data that we hold about you, please contact Rachael Harris at

Deletion of Data

Should you want us to delete the data that we hold about you, please contact Rachael Harris at  Please note that we cannot delete financial or contractual information for seven years.  Should you receive a mailing from us and want to opt-out, click the button at the bottom of the e-mail.

Data Breach Policy

If we are notified of or detect a data breach we will first investigate to ensure that the source of the breach is identified and, if necessary, closed.  If our investigation shows that there has been a breach we will:

  • Notify the Information Commissioner’s Office and other bodies as appropriate
  • Assess the level of risk of the accessed data
  • Notify those impacted by the breach and inform them of any actions that they should take
  • Take appropriate steps to stop the breach being repeated

Back to top