(in accordance with General Data Protection Regulations)
Any operation or set of operations performed upon personal data or sets of personal data.
Identified or identifiable living individual to whom personal data relates.
Natural or legal persons, public authority, agency or other body which alone or jointly with others, determines the purposes and means of the processing of personal data.
Natural or legal persons, public authority, agency or other body which processes personal data on behalf of the Controller.
Any information relating to an identified or identifiable individual, whether directly (i.e. name, personnel number, location data or on-line indicator) or indirectly (i.e. where the individual is identifiable by reference to one or more factors specific to their physical, psychological, genetic, mental, economic, cultural or social identity).
Special Category Data:
Special Category Data is information relating to: racial or ethnic origin, political opinions, religious or other beliefs, trade union membership, genetic data, biometric data, a person’s age, data concerning health, data concerning a natural person’s sex life or sexual orientation.
The Company needs to gather and process certain information about individuals (Personal Data). Such individuals may include employees, customers, suppliers and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the requirements of the General Data Protection Regulations.
This Policy should be read in conjunction with the Company’s Privacy Statements.
This Data Protection Policy ensures Synergy Global Consulting Ltd;
“The General Data Protection Regulations”, which became effective on 25th May 2018, replaced “The Data Protection Act 1998”.
The Regulations describe how organisations, including Synergy Global Consulting Ltd., must collect, access, organise, store and destroy personal data (i.e. Processing).
Not only must the Company comply with the law regarding the processing of personal data safely and lawfully, it must also demonstrate its compliance with the law.
The rules apply regardless of whether data is stored electronically, on paper or on other materials (e.g. CCTV).
The General Data Protection Regulations are underpinned by the following important principles;-
Lawfulness, fairness and transparency:
Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject.
Personal data must be collected only for specified, explicit and legitimate purposes.
Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
Personal data must be accurate and where necessary kept up to date.
Personal data which is kept in a form which permits identification of data subjects must be kept for no longer than is necessary for the purpose for which data is processed.
Integrity and Confidentiality:
Personal data must be processed in a manner that, through use of technical or organisational measures, ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
The data controller is responsible for and must be able to demonstrate compliance with the other data protection principles.
It is the responsibility of all employees who work with personal data to take reasonable steps to ensure it is collected, stored and handled appropriately and is kept as accurate and up to date as possible. The following people however have key areas of responsibility;-
The Directors are ultimately responsible for ensuring Synergy Global Consulting Ltd. meets its legal obligation in respect to personal data.
The Data Protection Officer/Human Resources Manager is responsible for;
The IT Manager is responsible for;
The Marketing Manager is responsible for;
Employees must be mindful of their responsibilities in respect of processing data. In particular, employees must identify a lawful basis for processing personal data. These comprise;
Performance of a Contract:
Where the organisation has a contract with an individual and needs to process their personal data to comply with its obligations under the contract.
Where the organisation needs to process an individual’s personal data to comply with a common law or statutory obligation.
Where the individual gives their consent. This must be freely given, specific, informed and unambiguous.
Where the organisation identifies a legitimate interest in “processing” the personal data and can show processing is necessary to achieve it. This requires the organisation to balance its needs against the interests, rights and freedoms of the individual. This is best done by completing a Privacy Impact Assessment.
Where the organisation needs to process the individual’s personal data to protect someone’s life.
Relevant to Public bodies.
The only people able to access personal data are those who need to do so for their work and should do so in accordance with one (or more) of the lawful bases identified above.
Data should not be shared informally or where there is no lawful basis, either within the Company or externally. Moreover, personal data must be held in as few places as necessary. Employees must not create unnecessary additional data sets.
In addition, the Company will at times need to process Special Category Data (or Sensitive Data). In such circumstances, the Company must identify at least one additional lawful ground (in addition to the general processing grounds) to justify processing special category data.
It is when personal data is accessed and used that it can be at greatest risk of loss, corruption or theft.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts;
Where data is stored on paper, it should be safely stored in a secure place where unauthorised personnel cannot see it. In particular;-
These responsibilities also apply to data that is usually stored electronically but has been printed out for some reason.
Individuals who are the subject of personal data held by Synergy Global Consulting Ltd are entitled to be;
Synergy Global Consulting Ltd may face significant fines for a data breach or for failing to adhere to the General Data Protection Regulations.
Employees should be aware they can be criminally liable if they knowingly or recklessly disclose personal data. Serious breaches of this Policy may be treated as a disciplinary offence.
Policy Prepared by: Tony Culpin
Approved on: 25/5/2018
Operational on: 25/5/2018