J Bailey & Sons Ltd Data Protection Policy

Introduction

New data protection legislation is due to come into force on 25th May 2018. This aims to protect the privacy of EU citizens and prevent data breaches. It will apply to any public or private organisation processing personal data.

The new General Data Protection Regulations 2016 specify that any processing of personal data should be governed by a contract with certain provisions included.

J Bailey & Sons Ltd is required to gather and use certain information about individuals, customers, suppliers and organisations. This also includes other people the organisation has a relationship with or may need to contact.

The Data Protection Act 2018 describes how organisations, including J Bailey & Sons Ltd must collect, handle and store personal information.  The rules apply regardless of whether data is stored electronically, on paper or on other materials.

To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

GDPR requires that personal data shall be:

The Policy describes how this personal data must be collected, handled and stored, to meet the company's data protection standards and to comply with the law.

The policy ensures that J Bailey & Sons Ltd complies with Data Protection Law and follows good practice. It protects the rights of customers and suppliers and is open about how it stores and processes individuals data.  It also protects itself from the risks of a Data Breach.

Data Protection Risks

This Policy helps to protect J Bailey & Sons Ltd from real data security risks, including:


Responsibilities

Everyone who works for J Bailey & Sons Ltd has some responsibility for ensuring data is collected, handled and stored appropriately. All personal data must be handled and processed in line with this Policy and Data Protection Principles.

Key areas of responsibility within J Bailey & Sons Ltd:



J Bailey & Sons Ltd Staff Access to Personal Data

Data Storage

Data Use

Personal data is of no use to J Bailey & Sons Ltd, unless the business can make use of it. When personal data is accessed and used it can be at a great risk of loss, corruption or theft:



Data Accuracy

The law requires J Bailey & Sons Ltd to take responsibility to ensure data is kept accurate and up to date. It is the responsibility of employees of J Bailey & Sons Ltd who work with data to ensure data is kept accurate and up to date.



Access Requests

All individuals who are the subject of personal data held by J Bailey & Sons Ltd are entitled to:

A Subject Access Request can be obtained from J Bailey & Sons Ltd by emailing the Data Controller Gill.Hoddinott@jbaileyandsons.co.uk. The Data Controller will always verify the identity of anyone making a Subject Access Request prior to handing over information.

In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without consent of the data subject.

Under these circumstances, J Bailey & Sons Ltd will disclose requested date. However, the Data Controller will ensure the request is legitimate, seeking assistance for the board and from the company's legal advisers where necessary.

J Bailey & Sons Ltd aim to ensure that individuals are aware that their data is being processed and they understand:

J Bailey & Sons Ltd has a Privacy Statement, setting out how data relating to individuals is used by the company. This is available on request.





Breach Procedure

If J Bailey & Sons Ltd has a breach potentially containing your data, we will inform you within 24 hours of the breach taking place or being identified. This will enable you to investigate and put in place appropriate measures to protect your customers and/or staff personal data and, if necessary we will report the breach to the Information Commissioners Office (ICO) within 72 hours.

If you experience a breach potentially containing our data, you must tell us immediately (within 24 hours) of the breach taking place. Please contact Gill.Hoddinott@jbaileyandsons.co.uk or telephone 01749 330475. This will enable you to investigate and put in place appropriate measures to protect your customer and staff personal data and, if necessary report the breach to the Information Commissioners Office (ICO) within 72 hours.

J Bailey & Sons Ltd will investigate whether the breach is a potential risk to individuals and is likely to result in a risk to individuals' rights and freedoms. If this is the case, J Bailey & Sons Ltd will notify the individuals affected providing steps they can take to protect themselves from consequences of the breach. All breaches will be documented and records maintained by the Controller.