Data Protection Act Policy
Personal data is any kind of information which makes it possible to identify a particular living individual. Uses of personal data (processing) are regulated by a number of different data protection, privacy or constitutional laws throughout the world.
A-GRC endorses best practice in the processing of personal data and will comply with the relevant legislation, but the general principles it applies are listed below but will be tailored to the specific legislation for the jurisdictions within which they work.
- personal data shall be collected with fairness and transparency by making the individual aware of all the intended uses of their data.
- personal data shall only be collected for a designated purpose or purposes. The amount and type of data shall be no more than is required to fulfil that purpose;
- no person shall be wilfully misled or deceived as to the intended use of their data by A-GRC;
- no unfair pressure shall be imposed on any individual to supply personal data.
- all personal data shall be kept up to date and accurate.
- personal data shall be kept only for as long as it is needed to complete its purpose, unless there is any overriding statutory obligation to retain it for longer periods.
- personal data shall be treated with appropriate levels of confidentiality and with respect for individual rights.
- all manual (paper-based) and electronic data shall be properly protected at all times to prevent loss, damage, unauthorised access or disclosure by any person.
- information about personal data shall only be provided to the person to whom it relates and shall not be released without adequate prior verification of the identity of the requester. Third party representatives must be able to demonstrate, in writing, adequate authority to act.
- all requests connected with access to personal data shall be dealt with promptly. A detailed, dated note of any information provided to the requester shall be placed on the permanent record.
- the source of personal data shall be acknowledged on the record. Any request for amendments to the factual data record shall be dealt with promptly. Opinions shall be avoided unless wholly substantiated and clearly distinguishable from fact.
- only data from live systems shall be provided, unless the request specifies otherwise, or it is clear that the data will be held in an archive because of the time period involved. This shall be communicated to the requester for the avoidance of doubt.
All employees shall be responsible for applying the data protection principles at all times to each and every instance of personal data processing. Any deliberate breach of policy or unauthorised disclosure of personal data shall form the basis for disciplinary action.
A-GRC shall ensure that all new employees are aware of this policy as part of their induction and shall regularly review and monitor this policy to ensure its implementation and effectiveness.
This policy is issued, reviewed at least annually and maintained by the Data Protection Officer, who also provides advice and guidance on its implementation and ensures compliance
All A-GRC employees shall comply with this policy.
Dated: 1 January 2018