DATE: FEB 2018
REVIEW DUE: FEB 2021
SUBJECT: DATA PROTECTION (GDPR)
POLICY RESPONSIBLE: MANAGING DIRECTOR
DEFINITION: Information security aims of the management system.
WB Power Services obtains information (e.g. contact details, bank account no., ID & health records) from stakeholders (primarily customers, suppliers & employees) in order to supply a quality service.
We retain the minimum data necessary to enable us to complete our obligations; we use this data fairly (for example, to ensure contacts are still accurate); and we keep it securely in our CRM system, held on our encrypted and secure server. We never sell information we hold to any third parties. Our HR Manager (Data Controller) completes a Data Protection Impact Assessment (DPIA) where one is necessary.
We require your active consent (opt-in) before recording any information about you, which we gain by various means depending on the relationship: for employees this will come from the application form; for customers it will come from the sales process.
Should we suffer a Data Breach, we will communicate the scope of the breach to the Data Protection Regulator within 72 hours & to affected individuals (Data Subjects) within 30 days.
On request, we will:
- Explain why your Personal Data was collected, how it is used & how long it will be stored [The right to be informed];
- Supply a copy of your Personal Data (free of charge) within 30 days [The right of access (SAR – Subject Access Request)];
- Quarantine disputed Personal Data until any discrepancy is resolved [The right to restrict processing & the right to object];
- Correct inaccurate Personal Data within 30 days [The right to rectification];
- Manually check decisions that were taken automatically by computer [Rights in relation to automated decision making and profiling];
- Supply your Personal Data electronically to facilitate transfer between organisations [The right to data portability];
- Erase your Personal Data, provided it is no longer required by the company [The right to erasure (right to be forgotten)].
The policy and procedures described in the WBPS Manual conform to the requirements of the General Data Protection Regulation (GDPR).
Andrew Wilmott, Managing Director
Date: May 2020