-
check_circle
Do not request passports, driving licences or personal ID at the initial EOI stage unless expressly required by an appointed provider later.
-
check_circle
Separate business-energy documents from any sensitive personal documents if received by mistake.
-
check_circle
Use SharePoint/Teams folders with role-based permissions rather than uncontrolled email attachments where possible.
-
check_circle
Keep an audit trail of consent, document requests, referrals and deletion requests.
-
check_circle
Delete or archive incomplete enquiries after a defined period unless there is a valid reason to retain them.
-
check_circle
Restrict access to any sensitive document folder and do not load sensitive personal documents into a dialler or marketing spreadsheet.