Goal of the data protection policy
The goal of our data protection policy is to depict the legal data protection aspects in one summarising document. This is not only to ensure compliance with the European General Data Protection Regulation (GDPR) but also to provide proof of compliance.
As a well-established company it is imperative that we have a clearly defined data protection policy outlining our commitment and motivation to comply with data protection.
Security policy and responsibilities in the company
- All customer, supplier or individuals data (Including Staff) is to be kept private and only be used for the legitimate interests of the business or social welfare.
- No personal data will be shared outside the organisation except when necessary for carrying out our business, i.e. sharing contact name, company name, addresses, phone numbers and e-mail with carrier companies for the purpose of making deliveries.
- All personal data to be handled following the principles outlined on https://ico.org.uk/for-organisations/guide-to-data-protection/data-protection-principles/
- Roles and Responsibilities of the Organisation.
- Managing Director – Oversee all data storage policies and controls.
- Office Staff and directors – Ensure they are processing data following data procedure outlined in Titan.
- We carry out Risk audits of our data protection management system as part of our ISO9001:2015.
- All staff with access to personal or individuals’ information are trained on keeping the information secure following company procedures and training outlined in training plan WCM26.
- Internal audits are carried out on data protection as part of our ISO audits in the risk section yearly and at other times as deemed necessary. All audits are recorded within our Titan QMS section.
- Data protection need: As part of the audits and our risk management we review the need to keep data and minimise retention where necessary.
Summary of Areas that are outlined and covered in our internal Data Protection training in detail.
- Guideline for the rights of data subjects
- Access control
- Computer/IT Security, covering:
- Screen lock and E-Mail
- Mobile devices and telecommunications
- Restriction of software installation and use
- Data backup
- Protection against malware/viruses
- Sensitive Data including credit card information and document retention policy.
- Privacy and protection of personal information.
- Marketing regulations following the Guide to Privacy and Electronic communications Regulations (PECR).
- Website Privacy Statement.
For Internal Security reasons full details of internal training are not included in this statement.