Your data security policy is a crucial document that you should use to outline and guide your company’s strategy for promoting GDPR compliant data security measures. Your data security policy should be discussed, shared with, and made accessible for everyone in your company. You should fill in your company’s particulars, as outlined in the below template.
Yes. Your data security policy is a crucial tool to maintain ongoing GDPR compliance. We recommend you review this policy document every three months to ensure all security protocols and processes are compliant. Any updates must be clearly communicated to all company stakeholders and staff members.
Here at Earth Friendly Concrete By Wagner, we collect, process and store personal data for a range of business purposes. Data subjects include customers, suppliers, partners, employees, clients and other stakeholders and individuals.
Bearing in mind Earth Friendly Concrete By Wagner’s commitment to uphold the rights of the individual as enshrined in law, our data security policy is designed to protect all past, current and future employees, customers, or partners, from illegal or damaging activity conducted by others using their personal data.
Our data security policy outlines how Earth Friendly Concrete By Wagner will endeavour to guard and protect all personal data. It also sets out to raise the awareness of staff members in relation to the ways in which GDPR impacts their use of individual’s personal data.
This policy applies to all data processing activities involving Earth Friendly Concrete By Wagner, and includes activities or systems related to both internal business operations, as well as external relations and any third-party agreements.
Please note that Earth Friendly Concrete By Wagner’s data security policy applies to all employees, and this policy may be subject to review and amendment on a regular basis. For more information about this policy and its overall implementation, consult our Data Protection Officer.
This document is subject to regular review to ensure ongoing regulatory compliance.
Personal data encompasses any type of information that relates to an identifiable individual. Various types of personal data Earth Friendly Concrete By Wagner may collect, store and process could include:
The above list is by no means exhaustive, and should be used merely as a point of reference from which a working definition of personal data can be established and further developed.
Under GDPR, sensitive personal data is defined as encompassing any of the following:
It is paramount that all sensitive personal data is kept under stringent control as part of the implementation of our data security policy.
Earth Friendly Concrete By Wagner uses personal data for a range of various purposes. These purposes may include:
Please note the above list is by no means exhaustive, and should merely be used as a reference point from which a working definition of purpose can be established.
Earth Friendly Concrete By Wagner must carry out a range of functions and processes as part of our operational activity. Data kept in relation to these activities falls under the category of data for business purposes, which includes information of the following nature:
The above list is by no means exhaustive, and should be used merely as a point of reference from which a working definition of business purposes can be established and further developed
At Earth Friendly Concrete By Wagner, there will be occasions when employees will need to process personal data; however, processing activities must always be carried out in a fair and lawful manner that is compatible with the rights of each corresponding individual. Consequently, we should avoid processing the personal data of any individual who has not provided us with explicit consent.
Our company must strive to obtain explicit consent at all costs, and we must clearly identify to the individual what data is being processed, why we need to use it and who will have access to their data. These factors must be identified and clearly reiterated to the individual at the point of request for consent.
It’s worth noting there may be exceptional circumstances in which we are asked to process sensitive personal data without consent. An example of an exceptional circumstance could include legal obligations we may need to carry out to comply with health and safety regulations.
Earth Friendly Concrete By Wagner endeavours to take all actions necessary to ensure that all personal data we obtain, process and store is accurate, relevant and adequate in relation to the reason in which we asked for that information. We should not hold excessive or irrelevant data on any individuals, and we will not process any personal data for a purpose unrelated to the purpose in which the relevant individual has consented to the processing of their data.
Data security is a critical component of our business. It falls on everyone at Earth Friendly Concrete By Wagner to take responsibility for data security, and all employees must familiarise themselves with our data security policy and do everything within their power to uphold that policy on a day-to-day basis.
Please note that Earth Friendly Concrete By Wagner takes data protection incredibly seriously, and we expect all staff members to adhere to this data security policy. Any failure and refusal to comply with this policy could ultimately place our company at risk.
Bearing that in mind, personal non-compliance with this data security policy could lead to disciplinary action as they relate to ordinary personnel procedures. Please contact your line manager with any further questions concerning data protection at Earth Friendly Concrete By Wagner.
As a staff member at Earth Friendly Concrete By Wagner, you can expect to receive data protection training in line with our data security policy. All incoming employees will be provided training as an aspect of the wider staff induction process, and all staff members can anticipate the requirement to undergo additional training as a result of subsequent regulatory updates to GDPR or other relevant legislation as it relates to data security.
Data security will inevitably encompass a range of additional responsibilities for various roles within the company. These roles and their responsibilities include (but are not limited to):
GDPR stipulates our company must appoint a Data Protection Officer. It is our Data Protection Officer’s responsibility to:
Information technology plays a crucial role in the way our company operates. Any processes relating to IT and the processing and storage of data must be carefully monitored, assessed and guided by an IT Manager.
It is the responsibility of Earth Friendly Concrete By Wagner’s IT Manager to:
A significant proportion of our marketing activities involve the collection, storage and processing of data. Consequently, our Marketing Manager must oversee the following responsibilities:
Earth Friendly Concrete By Wagner takes data security extremely seriously, and we place the rights of the individual and regulatory adherence at the heart of everything we do as a company.
In light of our commitments, it is mandatory all staff members must observe and adhere to the following data security policies:
Please note that Earth Friendly Concrete By Wagner will carry out regular system audits to monitor and ensure ongoing compliance with this data security policy and all regulatory requirements as outlined under GDPR.
While Earth Friendly Concrete By Wagner must routinely collect and store data, we are committed to the rights of individuals. That’s why we retain all information and personal data for no longer than we need to.
The necessary length of retention will often be decided on a case-for-case basis, bearing in mind the rationale and original purpose surrounding data collection and retention. Decisions of this nature must be made in a way that is compatible with our existing data retention guidelines under GDPR.
For additional guidance, consult the following corresponding documents:
Employees must observe a series of restrictions that apply towards the international transfer of data or personal information. Employees are not permitted to transfer personal information or data outside of the United Kingdom without having obtained explicit permission in the first instance from the company’s Data Protection Officer.
Earth Friendly Concrete By Wagner deploys encryption to secure and protect data that is stored on devices from unlawful processing or unauthorised access. Encryption is also used to protect information that is in transit.
We also use the anonymisation of personal data wherever deemed prudent to ensure the rights of the individual are fully protected and observed.
In line with these principles, we are committed to the use both encryption and anonymisation as a risk management tool alongside existing systems, to protect the company from accidental loss, as well as from the damage or destruction of data or personal information.
Unless otherwise noted or informed, employees are strictly forbidden from using company equipment, tools or systems for any purpose unrelated to their role responsibilities, excluding any previously mentioned exceptions. This policy also relates to any relevant systems, tools or equipment belonging to a company client or partner.
Bearing that in mind, the following activities should be deemed forbidden with no exceptions:
Please note that any violation of this policy can lead to disciplinary action, alongside legal action where deemed prudent or necessary.
If you encounter any incidents or issues relating to the security or protection of information or data, you must report this immediately to company management. Management will subsequently take and record any action deemed necessary to prevent damage or loss in relation to a security threat.
If necessary, it is the responsibility of company management to report relevant incidents relating to a data breach or information security threat to regulators or the authorities. Under GDPR, it also falls upon management to contact the individuals involved in any breach or security threat.