Deck Joint Ltd Data Protection Policy
Deck Joint Ltd needs to gather and use certain information about individuals.
These can include customers/ suppliers/ business contacts, employees and other people the organisation has a relationship with or may need to
This policy describes how the personal data must be collated, handled and stored to meet the governments data protection standards, and to
comply with the law.
Why this policy exists
This data protection policy ensures Deck Joint Ltd:
- Complies with data protection law and follow good practice.
- Protects the rights of staff and customers.
- Is open about how it stores and processes individual’s data.
- Protects itself from the risks of data breach.
Data Protection Law
The Data Protection Act 1998 describes how organisations including Deck Joint Ltd must collate, handle and store personal information.
These rules apply regardless of whether data is stored electronically, on paper or on other materials.
To comply with the law, personal information must be collated and used fairly, stored safely and not disclosed unlawfully.
The Data Protection Act is underpinned by eight important principles. These say that personal data must:
1. Be processed fairly and lawfully.
2. Be obtained only for specific, lawful purposes.
3. Be adequate, relevant and not excessive.
4. Be accurate and kept up to date
5. Not to be held for longer than necessary.
6. Processed in accordance with the rights of data subject.
7. Be protected in appropriate ways.
8. Not be transferred outside the European Economic Area (EEA) unless that country or territory also ensures an adequate level of
People, Risks and Responsibilities.
This policy applies to all staff, customers and suppliers.
It applies to all data that the company hold relating to identifiable individuals.
- Name of individuals
- Postal addresses
- Email addresses
- Telephone numbers
- Plus, and other information relating to individuals.
Data Protection Risks
This policy helps to protect Deck Joint Ltd from some very real data security risks including:
- Breaches of Confidentiality. (information given out inappropriately)
- Failing to offer choice. (individuals should be free to chose how the company uses data relating to them.
- Reputational Damage. (the company could suffer if hackers successfully gained access to sensitive data.
Everyone who works for Deck Joint Ltd has some responsibility for ensuring data is collected, stored and handled appropriately.
Persons that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles such as:
- Keeping updated about data protection responsibilities/ risks and issues.
- Reviewing data protection policy.
- Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
- Performing regular checks and scans to ensure security hardware and software is functioning properly.
General Staff Guidelines
- Data should not be shared informally. When access to confidential information is required, employees can request it.
- Strong passwords must be used and should never be shared.
- Personal data should not be disclosed to unauthorised people, either within the company or externally.
- Data should be regular reviewed and updated.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
When not required, the paper or files should be kept in a lock drawer or filing cabinet.
When data is stored electronically, it must be protected from unauthorised access. data should be backed up frequently
All servers and computers containing data should be protected by approved security software and a firewall.
Personal data is of no value to Deck Joint Ltd unless the business can make use of it.
- When working with personal data, employees should ensure the screen of their computer are always locked when left unattended.
- Personal data should not be shared.
The law requires Deck Joint Ltd to take reasonable steps to ensure data is kept accurate and up to date.
Deck Joint Ltd aims to ensure that individuals are aware that their data is being processed, and that they understand how the data is being used
and how to exercise their rights.