Introduction
The purpose of this policy is to comply with the law in respect of the data it holds about individuals, follow good practice,
protect our customers, staff and other individuals, and protect the organisation from the consequences of a breach of its responsibilities. The policy seeks to meet the legal obligations as outlined in the Data Protection Act of 1998.
Data Protection Principles
1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless:
(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Policy Statement
Safetray Products Limited will:
- comply with both the law and good practice
- respect individuals’ rights
- be open and honest with individuals whose data is held
- provide training and support for staff who handle personal data, so that they can act confidently and consistently.
Safetray Products Limited recognises that its first priority under the Data Protection Act is to avoid causing harm to individuals. In the main this means keeping information securely in the right hands, and holding good quality information.
Secondly, the Act aims to ensure that the legitimate concerns of individuals about the ways in which their data may be used are taken into account. In addition to being open and transparent, Safetray Products Limited will seek to give individuals as much choice as is possible and reasonable over what data is held and how it is used.
Key Risks
Safetray Products Limited has identified the following potential key risks, which this policy is designed to address:
Breach of confidentiality (information being given out inappropriately) especially through emailing
Harm to individuals if personal data is not up to date
Insecurity of electronic database
Data Protection Officer
The Data Protection Officer is currently Martina Zupan, with the following responsibilities:
- Reviewing Data Protection and related policies
- Advising other staff on Data Protection issues
- Ensuring that Data Protection induction and training takes place
- Approving unusual or controversial disclosures of personal data
Staff
All staff are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.
Enforcement
Significant breaches of this policy will be handled under Safetray Products Limited’s disciplinary procedures.