anzuk Education Data Protection Corporate Policy
Data Protection Act 1998
Companies processing personal data are required to abide by the eight principles of the Data Protection Act 1998 (“DPA”), which require that data is:
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Not kept longer than necessary
Processed in accordance with the data subjects rights
Not transferred to countries outside the European Economic Area without adequate protection.
Personal data means data, which relates to a living individual who can be identified from the data or from the data together with other information, which is in the possession of, or is likely to come into possession of anzuk Education. Data may only be processed with the consent of the person whose data is held. The definition of “processed” is obtaining, using, holding, amending, disclosing, destroying and deleting personal data. This includes both hard and soft copy data.
The objective of this policy is to ensure that all external stakeholders and staff members are aware of anzuk Education’s policy with regard to processing personal data, and that employees are fully aware of the requirements and obligations required of them and anzuk Education by the DPA.
anzuk Education is required to keep certain information regarding its employees to enable it to carry out its day to day operations, and to comply with its legal obligations.
anzuk Education is committed to ensuring that all personal data is processed in line with the DPA. To comply with the principles of the DPA, as outlined above, personal information will be collected and used fairly, stored safely and not disclosed to any other person or organisation unlawfully.
anzuk Education has registered with the Information Commissioners Office and has appointed a Data Controller [Ben Goldsmith, email@example.com, 0203 384 6111] who is responsible for ensuring the provision of suitable DPA advisory, training and awareness, DPA request handling, and compliance with the anzuk Education’s obligations under the DPA.
It is the responsibility of all employees to ensure that they understand their obligations under the DPA, and to inform the Data Controller if they do not; and all data processed is done so in line with this policy.
All data subjects have the right to access the information held about them, ensure that it is correct and fairly held, and to complain to the Data Controller if they are dissatisfied. All requests to access personal data will be handled in accordance with the DPA.
Data subjects include all staff and any other person about whom anzuk Education processes personal data.
anzuk Education may not always seek the consent of data subjects when processing personal data, for example, when processing for normal business purposes or when the information is already in the public domain.
Everyone who provides personal data to anzuk Education is responsible for ensuring adherence to the DPA, especially with regard to accuracy and, in the case of third parties providing the personal data of others, the right to disclose this personal data.
anzuk Education will review this policy on a regular basis to ensure its relevance and effectiveness.
If an employee is found to have deliberately acted in contravention of this policy, s/he will be subject to the company’s disciplinary policy, and such behaviour could lead to disciplinary action.
Any queries regarding this policy should be raised in the first instance with the Data Controller Ben Goldsmith, firstname.lastname@example.org, 0203 384 6111