Pescado Holdings and all its subsidiary businesses (referenced in this document as ‘Pescado’) need to gather and process certain information about Individuals.
These can include Customers, Suppliers, Business Contacts, employees and other people the organisation has a relationship with or may want to contact. This document will provide the policies and the procedures that the business will adhere to in order to ensure that it remains compliant with the General Data Protection Regulation introduced into the UK on 25th May 2018.
The document will cover how personal data is collected, handled and stored to meet the new regulation and comply with UK law.
The IT and Data Protection Policy ensures Pescado:
The new General Data Protection Regulation (GDPR) is, like the Data Protection Directive (DPD), underpinned by a number of data protection principles which drive compliance. While the data protection principles under the GDPR are similar to those found in the DPD, certain concepts are more fully developed.
GDPR has over 99 articles relating to personal data and how it is processed. A key article is Article 5 which introduces the principles on which personal data can be processed.
Data must be processed in a lawful, fair and transparent manner.
Personal data shall be collected and processed in a specific and legitimate way.
Personal data shall be adequate, relevant and limited to what is necessary.
Data shall be accurate and where necessary, kept up to date.
Personal data shall be retained in a form which permits identification of data subjects for no longer than is necessary.
Personal data shall be processed in a manner that ensures appropriate security of personal data.
The Controller and Processor shall be responsible for and be able to demonstrate compliance with GDPR.
This policy applies to:
It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of GDPR. This can include:
Everyone who works for or with Pescado has some responsibility for ensuring data is collected, stored and handled appropriately.
Each team that handles personal data must ensure it is handled and processed in line with this policy and data protection principles.
However, these people have key areas of responsibility:
These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT Director, Dave Powell.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed for some reason.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
Personal Data is of no value to Pescado unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:
The General Data Protection Regulation requires Pescado to take reasonable steps to ensure data is kept accurate and up to date.
The more important the data is, the more important it is that it is accurate, and the greater the effort Pescado will make to ensure its accuracy.
It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
All Individuals who are the subject of personal data held by Pescado are entitled to:
If an individual contacts the company requesting this information, this is called a subject access request.
Subject access requests from individuals should be made by email and addressed to email@example.com (Pescado DPO). Individuals will be charged £25 per subject access request. Pescado will aim to provide the relevant information within 30 days. Pescado will always verify the identity of anyone making a subject access request before handing over any information.
In certain circumstances, the General Data Protection Regulation allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances, Pescado will disclose all requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisors where necessary.
Pescado aims to ensure that individuals are aware that their data is being processed, and that they understand:
To these ends, the company has a privacy statement, setting out how data relating to individuals is used by the company.