Active Support Service Ltd
General Data Protection Regulation Policy No: 60
Introduction and Purpose
· This policy document sets out principles and practices of Active Support Service in compliance with the General Data Protection Regulation in May 2018.
Policy Context - General Data Protection Regulation in May 2018
The General Data Protection Regulation in May 2018 regulates the use and processing of personal data held on computer and paper records.
Data protection law applies whenever a data controller processes personal data.
Data protection law exists to strike a balance between the rights of individuals to privacy and the ability of organisations to use data for the purpose of their business.
As a service provider in the private sector health and social care organisations, Active Support Service processes personal data relating to employees, customers and business contacts in order for it to fulfil its business requirements.
According to the Act, managers determine the purpose for which and the manner in which any personal data are, or are to be, processed.
Managers are obligated by the Act to ensure it complies with the requirements of the Act.
To comply with the Act we will ensure the following:
· It has mechanisms in place to ensure its compliance with the eight data protection principles. The eight principles advocate fairness, transparency and openness in the processing of personal information by data controllers.
· The data protection leads are responsible for ensuring staff awareness of the principles and for reviewing compliance across the organisation.
· It has mechanisms in place to ensure compliance with the upholding of individual rights.
· Managers are responsible for ensuring staff awareness of individual rights and for reviewing compliance in upholding these rights across the organisation.
Scope and application of the policy
This policy covers all aspects of personal data processed, including:
· Customer information
· Staff information
This policy covers all types of information, including:
· Structured record systems : paper and electronic
· Unstructured information : paper and electronic
· Transmission of information: email, post, telephone
This policy applies to all employees who provide or have access to personal data.
Policy statement
It is policy that the processing of personal data by, or on behalf of any of its customers shall be in accordance with the requirements of the Data Protection Act 1998.
Data Protection Framework
The management team is ultimately responsible for compliance with the Act, with each manager performing the lead role within the respective area of the business. All senior managers and the administration team have the responsibility for ensuring that systems and processes within their work areas comply with the Act's requirements.
Data Protection Assurance
· Observe fully the conditions regarding the fair collection and use of information
· Meet obligations to specify the purposes for which the information is used
· Collect and process appropriate information, and only to the extent that is needed to fulfil operational needs or to comply with any legal requirements
· Ensure the quality of information used
· Apply strict checks to determine the length of time information is held
· Ensure the rights of people about whom information is held are able to be fully exercised under the Act
· Take appropriate technical and organisational security measures to safeguard personal information
· Ensure that personal information is not transferred abroad without suitable safeguards
· Ensure everyone managing and handling personal information is made aware that they are contractually responsible for following good data protection practice
· Ensure everyone managing and handling personal information is appropriately trained to do so
· Ensure everyone managing and handling personal information is appropriately supervised
· Ensure everyone wanting to make enquiries about handling of information knows what to do
· Ensure queries about handling information are promptly and courteously dealt with
· Ensure methods of handling personal information are clearly described
· Ensure a regular review and audit is made of the way personal information is managed
· Ensure methods of handling personal information are regularly assessed and evaluated.
Policy monitoring arrangements
This policy will be monitored and will be subject to a regular review, which will take place within six months from the original date of issue for this policy and at twelve monthly intervals thereafter.
Data retention schedule
Before any disposal of documents, management must double check legal requirements in case of legal changes.
Documents | How Long They Are Stored |
Business Contract Agreements | Length of contract + Six (6) Years |
Pension | Minimum of Six (6) Years |
Workplace Injuries | Minimum of Three (3) Years; the maximum depends on general restrictions |
HMRC | Minimum of Six (6) Years |
Pre-Employment Checks | During employment + Three (3) Years |
Termination of employment due to health or stress | Three (3) Years |
Personnel File | Six (6) Years from end of employment |