Introduction to GDPR
The Company is committed to meeting its data protection obligations and being transparent about the processing of personal data as defined under the General Data Protection Regulations 2018. As an organisation, we have a need to obtain and use personal data about those with whom we come into contact, whether this be employees, professional contacts, members of the public etc, in order to carry out our work. Under GDPR legislation we are required to handle and process this data lawfully. This policy details the requirements and responsibilities in this respect, as well as our actions to ensure compliance. This policy applies to the personal data of job applicants, employees, workers, and former employees. This type of data is referred to as HR-related personal data.
GDPR is concerned with the following aspects:
Data Protection Principles
The Company will process HR-related personal data in line with the six data protection principles:
Any personal data held, either in electronic or paper formats, will be stored securely and only used for the purposes for which it has been obtained. This personal data will be stored for appropriate timescales as determined by legislation. Any electronic devices, i.e. computer systems, mobile phones, tablets etc will be completely reset and wiped before they are sold on/disposed of or no longer used by the Company.
Where the Company relies on third parties to process or handle personal data on its behalf, such parties are subject to written contracts with regards to compliance with necessary legislation and requirements.
Data Access and Accuracy
All individuals have the right to access personal data held about them. The Company will take steps to ensure this information is up to date, by making any changes it is notified of, and/or routinely ensuring that information is still correct and accurate.
Subject Access Requests
Individuals can make a request from which the Company will confirm to him/her:
The Company will also provide to the individual a copy of the personal data undergoing processing.
To make a Subject Access request please email the HR Manager where the Company will aim to deal with the request as soon as is reasonably practicable and within one month of the request being made. It should be noted where the request is manifestly unfounded or excessive the Company is not legally obliged to comply with the request.
If the Company becomes aware of any data breaches that pose a risk to individuals, these will be reported to the Information Commissioner within 72 hours. All breaches will be recorded regardless of whether they are reportable.
If the breach is likely to result in high risk, the individuals concerned will be notified and provided with information regarding actions taken.
International Data Transfers
The Company does not transfer HR-related personal data outside of the EEA.