1. |
Introduction and Overview
|
1.1 |
The FBU takes the security and privacy of personal data seriously. The FBU will process data in accordance with the data protection principles.
|
1.2 |
All members, officers, staff, contractors and volunteers will comply with this policy and help the FBU put this policy into practice.
|
2. |
|
2.1 |
|
3. |
Personal data
|
3.1 |
|
3.2 |
|
4. |
|
|
This includes processing personal data which forms part of a filing system and any automated processing.
|
5. |
|
5.1 |
Everyone to whom this policy applies has some responsibility for ensuring data is collected, stored and handled lawfully and in accordance with this policy.
|
5.2 |
|
5.3 |
You should only access personal data covered by this policy if you need it for the work you do for, or on behalf of, the FBU and only if you are authorised to do so. You should only use the data for the specified lawful purpose for which it was obtained.
|
5.4 |
|
5.5 |
You should keep personal data secure and not share it with unauthorised people.
|
5.6 |
You should regularly review and update personal data which you have to deal with for work. This includes telling us if your own contact details change.
|
5.7 |
|
5.8 |
|
5.9 |
Personal data should be encrypted before being transferred electronically to authorised external contacts. [Speak to IT for more information on how to do this.] Consider anonymising data or using separate codes so that the data subject cannot be identified.
|
5.10 |
Do not save personal data to your own personal computers or other devices.
|
5.11 |
Personal data should never be transferred outside the European Economic Area except in compliance with the law and authorisation of the DPO.
|
5.12 |
|
5.13 |
You should not take personal data away from FBU premises without authorisation from your line manager or DPO.
|
5.14 |
|
5.15 |
|
5.16 |
Any deliberate or negligent breach of this policy by you may result in disciplinary action being taken against you in accordance with our disciplinary procedure.
|
5.17 |
It is a criminal offence to conceal or destroy personal data which is part of a subject access request (see below). This conduct would also amount to gross misconduct under our disciplinary procedure, which could result in your dismissal.
|
6. |
|
6.1 |
|
6.2 |
We will do all we can to avoid data breaches. When they happen we will do what we can to avoid any damage to the individual. We will also review our practices and procedures to avoid such breaches in the future.
|
7. |
|
7.1 |
Data subjects can make a ‘subject access request’ (‘SAR’) to find out the information we hold about them. This request must be made in writing. If you receive such a request you should forward it immediately to the DPO who will coordinate a response. We have to respond within a month.
|
8. |
|