GDPR 01 – 23/05/2018
DATA PROTECTION POLICY
1 – INTRODUCTION
The General Data Protection Regulations 2018 regulate the way in which all personal data is held and processed. This is a statement of the data protection policy adopted by Assist Legal Services. It applies to all Assist Legal Services’ employees.
In order to operate efficiently Assist Legal Services needs to collect and use information about the people with whom we work. This includes current, past and prospective employees, reviewers, professional experts, stakeholders, delegates and others with whom we communicate.
Assist Legal Services regards the lawful and correct treatment of personal information as integral to our successful operation, and to maintaining the confidence of the people we work with. To this end we fully endorse and adhere to the principles of the General Data Protection Regulations 2018.
2 – PURPOSE
The purpose of this policy is to ensure that everyone handling personal information at Assist Legal Services is fully aware of and complies with data protection procedures and that data subjects are aware of their rights under the General Data Protection Regulations 2018.
Scope: Information covered by the General Data Protection Regulations 2018
‘Personal data’ covered by the General Data Protection Regulations 2018 is essentially any recorded information which identifies a living individual. Personal data held by Assist Legal Services will include contact information for a variety of stakeholders and other personal details.
3 – RESPONSIBILITY
Kevin Wilford is the Data Controller and has overall responsibility for compliance with the General Data Protection Regulations 2018, but individual members of staff/the Data Processors are responsible for the proper use of the data they process.
4 – POLICY STATEMENT
The General Data Protection Regulations 2018 and the rights of the individual are:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
The General Data Protection Regulations principles are:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality
To meet the requirements of these principles, Assist Legal Services will:
- Fully observe conditions regarding the fair collection, and use of information
- Meet its legal obligations to specify the purposes for which information is used
- Collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements
- Ensure the quality and accuracy of the information used
- Hold personal information on Assist Legal Services systems for as long as is necessary for the relevant purpose, or as long as is set out in any relevant contract held with Assist Legal Services or Assist Legal Services’ Information Retention Policy
- Ensure that the rights of people about whom information is held can be fully exercised under the General Data Protection Regulations 2018 (these include: the right to be informed that processing is being undertaken; the data subject’s right of access to their personal information; the right to prevent processing in certain circumstances; the right to correct, rectify, block or erase information which is regarded as wrong information)
- Take appropriate technical and organisational security measures to safeguard personal information and
- Ensure that personal information is not transferred outside the EEA without suitable safeguards.
5 – RESPONSIBILITIES FOR DATA PROTECTION & CONFIDENTIALITY
Assist Legal Services will ensure that there is someone with specific responsibility for data protection in the organisation. The Data Controller for Assist Legal Services is:
16 Broad Walk
0161 818 7 818
Assist Legal Services will ensure that:
- The Data Controller understands their role and their rights and responsibilities
- The Data Processors understand their role and the rights and responsibilities
- This policy is available to each member of staff
- The Data Controller and Data Processors are adequately trained in handling personal information
- Queries about handling personal information are dealt with promptly and courteously
- Clear processes and procedures are in place to show how all data is processed and held
- The Data Controller will approve all changes to policies and procedures.
6 – STAFF RESPONSIBILITY
- All staff shall be aware of the requirements of the General Data Protection Regulations 2018 and how the rules apply to them.
- All staff will complete data protection induction and annual training.
- All staff have a responsibility to ensure that they respect confidential information in their possession and maintain information security. Disclosure of confidential information gained as part of your employment to a third party, or assisting others in disclosure, will be viewed by Assist Legal Services with the utmost seriousness.
- All staff are responsible for ensuring personal information is kept no longer than is necessary.
- All staff are responsible for making sure that all personal data held is up-to-date, accurate and relevant.
7 – PRIVACY STATEMENT
Assist Legal Services respects your privacy. The information that you provide us with, or that is gathered automatically, helps us to monitor our services and provide you with the most relevant information.
8 – YOUR RIGHTS & SUBJECT ACCESS REQUESTS
Under the General Data Protection Regulations 2018, you are the data subject, and with that comes your rights as to what we do with your data.
- The right to be informed – We always make sure that you know why we need your data, what we do with it, how we process it, how long we hold it for, and if there is any transfer of data to a third party, with the right to withdraw consent.
- The right of access – If you would like to know what data we hold on you, simply send us a request at firstname.lastname@example.org. We will respond to you within 30 days.
- The right to be forgotten – You don’t want us to hold your details any longer? Email us at email@example.com.
- The right to restrict processing – Do you think the details we hold on you are not correct? Let us know and we will restrict the processing of the data, until we know we have the right details.
- The right to data portability – You want us to send a copy of your data to another data controller? E-mail us at firstname.lastname@example.org.
- The right to object – You don’t want us to send you any direct marketing materials? Tell us and we will stop. Email us at email@example.com.
- Your rights in relation to automated decision making and profiling – we don’t use automated decision making or profiling, but if we ever do you will be the first to know.
9 – DATA PROTECTION COMPLAINTS PROCEDURE
Assist Legal Services will comply fully with its obligations under the General Data Protection Regulations 2018. If you have any questions or concerns regarding Assist Legal Services’ management of personal data, including your right to access data about yourself, or if you feel Assist Legal Services holds inaccurate information about you, please contact Assist Legal Services’ Data Controller, Kevin Wilford at firstname.lastname@example.org.
If you feel that your questions or concerns have not been dealt with adequately or that a subject access request you have made to Assist Legal Services has not been fulfilled you can use Assist Legal Services’ complaints procedure, by contacting us at email@example.com.
If you are still dissatisfied, you have the right to contact the office of the Information Commissioner, the independent body overseeing compliance with the General Data Protection Regulations 2018: http://ico.org.uk/
10 – DATA BREACHES
If a breach occurs which is likely to result in a risk to the rights and freedoms of data subjects, then the following will be reported to the Supervisory Authority:
- The nature of the personal data breach
- The categories of personal data
- The approximate number of data subjects affected
- The approximate number of personal data records concerned
- The contact details for the point of contact here at Strategy 365
- The likely consequences of the personal data breach
- The measures taken to address the personal data breach
11 – REVIEW
This policy will be reviewed on an annual basis.
12 – BREACHES OF THIS POLICY
All Assist Legal Services employees, partners, agencies, consultants and contractors have a responsibility to protect personal data and to report data security incidents and breaches of this policy as quickly as possible. This also extends to any external organisation contracted to support or access the Information Systems of Assist Legal Services.
In the case of third party consultants or contractors, non-compliance could result in the immediate removal of access to the system. If damage or compromise of Assist Legal Services’ ICT systems or network results from the non-compliance, Assist Legal Services will consider legal action against the third party. Assist Legal Services will take appropriate measures to remedy any breach of the policy. In the case of an employee, the matter may be dealt with under Assist Legal Services’ own disciplinary process.