Name of company
RG and MF Sadler Electrical
Registered office
29 Nene Valley Business Park
Peterborough PE8 4HN
Contact details
Tel: 01832 273667
E-mail: Admin@sadlerelectrical.plus.com
Fax: 01832 274054
Company Registration No. 1512430
VAT No. 359923803
Regulatory authority
Data Handling Policy
Introduction
Companies should do everything in their power to ensure the safety and security of any material of a personal or sensitive nature.
It is the responsibility of all members of staff to take care, when handling, using or transferring personal data, that it cannot be accessed by anyone who does not:
• Have permission to access that data
• Need to have access to that data
Any loss of personal data can have serious effects for the individuals and/or companies concerned, can bring the company into disrepute and may result in disciplinary action and/or criminal prosecution. All transfer of data is subject to the risk of loss or contamination.
Anyone who has access to personal data must know, understand and adhere to this policy, which brings together the legal requirements contained in relevant data regulations.
The regulations lay down a set of rules for the processing of personal data (both structured manual records and digital records). They provide individuals with rights of access and security and require users of that data to be open about how it is used and to follow "good information handling principles".
Policy Statements
RG & MF Sadler (Electrical) Ltd will hold only the minimum personal information necessary to enable it to perform its function and information will be erased once the need for it to be held has passed.
Every effort will be made to ensure that information is accurate, up to date and that inaccuracies are corrected without unnecessary delay. All personal data will be fairly obtained and lawfully processed.
Personal Data
RG & MF Sadler (Electrical) Ltd and staff will have access to a wide range of personal information and data. The data may be held in digital format or paper records.
Personal data is defined as any combination of data items that identifies an individual and provides specific information about them, their families or circumstances.
This could include the following:
• Personal information about members of staff, clients, suppliers and their representatives.
• Names, addresses, contact details, references, health records and disciplinary records.
• Professional records e.g. employment history, taxation and national insurance records.
Responsibilities
The Directors will assume the role of the company's administrators. They will keep up to date with current legislation and guidance and will carry out the following:
• determine and take responsibility for the company's data handling policy.
• manage what information is held and for what purpose.
• how information has been amended or added over time.
• who has access to protected data and why.
Everyone within the company has the responsibility of handling protected or sensitive data in a safe and secure manner.
Training and Awareness
All staff will receive data handling awareness/data protection training and will be made aware of their responsibilities, as described in this policy, through:
• Induction training for new staff.
• Staff meetings and briefings.
• Day to day support and guidance from the Directors.
Identification of Data.
RG & MF Sadler (Electrical) Ltd, staff and delivery partners recognise four different impact levels of data and information as follows:
• IL1 – Not Protectively Marked, All staff have access.
• IL2 – Protected, All staff have access with permission of the Directors and Manager.
• IL3 – Restricted, Access is restricted to the Directors and Manager.
• IL4 – Confidential, Access only by the Directors.
RG & MF Sadler (Electrical) Ltd will ensure that all staff and delivery partners comply with the above restrictions applying to access to, handling and storage of data classified as Protected, Restricted or Confidential.
All documents containing information or data as outlined in the Personal Data section (regardless of whether they exist in manual or digital form) that contain protected data (IL2 – Protected or above) will be disposed of when not required via shredding on site.
Secure Storage of and Access to Data.
RG & MF Sadler (Electrical) Ltd has systems in place so that the existence of protected files is secure from unauthorised persons, and the Directors will assign clearance that will determine which files are accessible.
All storage media must be stored in an appropriately secure and safe environment that avoids physical risk, loss or electric degradation.
Private equipment (i.e. owned by the user) must not be used to store personal data.
All paper-based IL2 – Protected material must be held in lockable storage when taken from the office.
RG & MF Sadler (Electrical) Ltd recognises that people have a number of rights in connection with their personal data, the main one being the right of access.
Procedures are in place to deal with people's or companies' requests for access, i.e. a written request to see all or part of the personal data held by the company in connection with that person's or company's data.
Also, under certain circumstances, the person or company may exercise their rights in connection with the rectification, blocking, erasure and destruction of data.
Audit Logging / Reporting / Incident Handling.
Audit logs will be kept to provide evidence of accidental or deliberate security breaches – including the loss of protected data or breaches of an unacceptable use of data.
Should a breach occur, RG & MF Sadler (Electrical) Ltd will carry out the following:
• Appoint a Director to investigate the incident.
• After investigation provide a plan of action for a rapid resolution.
• Implement an action plan to ensure recurrence of the breach is avoided. This may be by further restrictions of access or training.
Document Title: | RG & MF Sadler (Electrical) Ltd | Data Handling Policy |

Revision | Date | Changes | Purpose of Issue | Originator |
Issue 1 | May 2018 | First Issue | Approval | NB |