(GDPR) General Data Protection Regulations Policy 2018
Data Protection Statement
Thompsons Group Ltd recognises its duties under current legislation and will endeavour to meet the requirements of this legislation and maintain a data protection working environment.
All Managers and Supervisors are informed of their responsibilities to take all reasonable precautions to ensure the data protection of those who are likely to be affected by the operation of the business.
Our Company Data Protection Policy refers to our commitment to treat information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality.
With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.
This policy refers to all parties (employees, job candidates, customers, suppliers etc.) who provide any amount of information to us.
Employees of our company and its subsidiaries must follow this policy. Contractors, consultants, partners and any other external entity are also covered. Generally, our policy refers to anyone we collaborate with, or who acts on our behalf, and who may need occasional access to data.
As part of our operations, we need to obtain and process information. This information includes any offline or online data that makes a person identifiable such as names, addresses, usernames and passwords, digital footprints, photographs, social security numbers, financial data etc.
Our company collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, the following rules apply.
Our data will be:
• Accurate and kept up-to-date
• Collected fairly and for lawful purposes only
• Processed by the company within its legal and moral boundaries
• Protected against any unauthorised or illegal access by internal or external parties
Our data will not be:
• Stored for more than a specified amount of time
• Transferred to organisations, states or countries that do not have adequate data protection policies
• Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)
In addition to ways of handling the data, the company has direct obligations towards the people to whom the data belongs. Specifically, we must:
• Let people know which of their data is collected
• Inform people about how we’ll process their data
• Inform people about who has access to their information
• Have provisions in cases of lost, corrupted or compromised data
• Allow people to request that we modify, erase, reduce or correct data contained in our databases
In support of this Policy a responsibility chart and more detailed arrangements have been prepared.
The Policy is reviewed on a periodic basis.
In order to ensure that the Data Protection Act is successfully managed within the organisation, the following responsibilities have been allocated.
The Managing Director accepts overall responsibility for all matters, including those regarding Data Protection.
Managers are responsible for ensuring that the Data Protection policy is implemented within their own departments. Managers must monitor the workplace to ensure that the policy arrangements are maintained. Where risks are identified, the manager must ensure that these are rectified, so far as is reasonably practicable.
Management Duties include the following:
Managers should ensure that staff are made aware of the need to follow such security measures. In particular, they should make clear to their employees that the use of less secure file transfer facilities such as Dropbox, Google Drive and personal email accounts may put the security of that personal data at risk and be in breach of the business’s obligations under the DPA.
To exercise data protection, we’re committed to:
• Restrict and monitor access to sensitive data
• Develop transparent data collection procedures
• Train employees in online privacy and security measures
• Build secure networks to protect online data from cyberattacks
• Establish clear procedures for reporting privacy breaches or data misuse
• Include contract clauses or communicate statements on how we handle data
• Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.)
All employees must:
• Report any knowledge of personal data being shared with colleagues to your direct manager.
• If any personal details are found, these must be handed to your manager and not discussed with another employee.
• When in the office, you must not read any documents or access any computer without authorisation and supervision from your manager.
• Never leave your computer unattended while still logged on; please ensure you have logged out before leaving the office.
• Don’t leave documents containing personal details on view. If you’re required to write any personal details down, please enter them on the system and shred the copy.
Data Protection Assistance
Competent persons have been appointed to assist us in meeting our data protection obligations. These people will be given sufficient training and information to ensure that statutory provisions are met and that the policy is being adhered to.
The company recognises that there may be occasions when specialist advice is necessary.
Employees Data Protection Representatives
Names, job titles and functions of these people are listed below:
Director: Simon Shields
HR Manager: Megan Williams
H&S Manager: Sean Connor
IT Manager: Nigel Redfearn
E-Parts Manager: Dave Lees
Data Protection Officer: Candice Parr
v.1.0 June 2018 Edited & customised by: Thompsons (UK) Ltd, Vulcan Way, New Addington, Croydon, Surrey, CR9 0DE