Last Updated: 22 May 2018
Our data protection policy statement reiterates the important data protection principles set out in the GDPR, it outlines out how we intend to comply with them and clarifies what rights and obligations an employee has both in relation to their own personal data and when handling other people’s personal data.
The EU General Data Protection Regulation (GDPR) requires us to comply with six data protection principles in our data processing activities. These say that personal data must be:
Businesses not only need to comply with these principles but also must be able to demonstrate that they comply. This is called the principle of accountability. So, we have implemented appropriate technical and organisational measures, including putting in place data protection policies and procedures and providing employee training, to ensure and be able to show that we carry out processing in accordance with the GDPR’s requirements.
Our GDPR Data Protection Policy sets out the principles and legal conditions that we, and your staff, must satisfy when processing personal data in the course of our business activities. This includes not only employees’ and other workers’ personal data but also personal data belonging to customers, clients and suppliers. The data protection principles are a central part of our policy statement as it outlines what those principles are and what our procedures are for ensuring that we comply with them. It also includes policy provisions governing the lawful basis for processing, subject access rights, the other rights of data subjects, data protection impact assessments and data retention and erasure. It’s intended to outline both our responsibilities, and the employee’s rights and obligations, in relation to the processing of personal data. That way, our employees should clearly understand how to implement the data protection principles and apply them in practice. Finally, we’ve confirmed to our employees that a failure to follow data protection requirements is a disciplinary offence. We have adopted our policy statement to ensure it reflects the specific operational practices and procedures that we’ve put in place in relation to data processing activities.
We are proud to be members of...