Data Protection & GDPR
Lumo Systems LTD is committed to protecting personal data and ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We design and deliver systems with data protection in mind from the outset. Our approach follows key principles including data minimisation, secure processing, and controlled access.
Personal data is only processed where necessary and is limited to what is required to deliver the agreed service. Access to data is restricted to authorised individuals and is managed through appropriate authentication and access controls.
We implement security measures appropriate to the nature of the data and the environment in which it is processed. This includes encryption where applicable, secure storage practices, and monitoring of access and usage.
We support clear data retention policies, ensuring that data is not held longer than necessary. Where required, we assist clients in defining retention and deletion processes aligned with their obligations.
In the event of a data incident, we follow defined procedures to assess, contain, and report issues in line with regulatory requirements.
We work closely with clients to ensure that data handling practices align with their governance, security, and compliance frameworks.
Last updated: March 2026