At Gerard Greenan Consulting Limited (GGCL) we aim to ensure that all data collected about staff, clients and third pareties is collected, stored and processed in accordance with the Data Protection Act 1998.
This policy applies to all data, regardless of whether it is in paper or electronic format.
This policy meets the requirements of the Data Protection Act 1998, and is based on guidance published by the Information Commissioner’s Office.
Personal data
Data from which a person can be identified, including data that, when combined with other readily available information, leads to a person being identified
Sensitive personal data such as:
• Contact details
• Racial or ethnic origin
• Religious beliefs, or beliefs of a similar nature
• Where a person is a member of a trade union
• Physical and mental health
• Sexual orientation
• Whether a person has committed, or is alleged to have committed, an offence
• Criminal convictions
Processing
Obtaining, recording or holding data
Data subject
The person whose personal data is held or processed
Data controller
A person or organisation that determines the purposes for which, and the manner in which, personal data is processed
Data processor
A person, other than an employee of the data controller, who processes the data on behalf of the data controller
GGCL processes personal information relating to Clients, staff and at times information relating to third partiesincluded as content with client projects and, therefore, is a data controller. At times we delegate the responsibility of data controller to teith Gerard Greenan or Vicqui Bartum.
Data protection principles
The Data Protection Act 1998 is based on the following data protection principles or rules for good data handling:
• Data shall be processed fairly and lawfully
• Personal data shall be obtained only for one or more specified and lawful purposes
• Personal data shall be relevant and not excessive in relation to the purpose(s) for which it is processed
• Personal data shall be accurate and, where necessary, kept up to date
• Personal data shall not be kept for longer than is necessary for the purpose(s) for which it is processed
• Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998
• Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data, and against accidental loss or destruction of, or damage to, personal data
• Personal data shall not be transferred to a country or territory outside the European Economic Area unless the country or territory ensures an adequate level of protection for the rights and freedoms of data in relation to the processing of personal data
Roles and responsibilities
The Managing Director has overall responsibility for ensuring that GGCL complies with its obligations under the Data Protection Act 1998.
Day-to-day responsibilities rest with the Gerard Greenan, or Vicqui Bartrum his absence. Gerard Greenan will ensure that all staff are aware of their data protection obligations, and oversee any queries related to the storing or processing of personal data.
All designated staff at GGCL are responsible for ensuring that they collect and store any personal data in accordance with this policy. Staff must also inform the GGCL of any changes to their personal data, such as a change of address.