Document Reference: IM 06 Data Protection Policy
The main risks within the Company are: • information about data getting into the wrong hands, through poor security or inappropriate disclosure of information • individuals being harmed through data being inaccurate or insufficient
Key risks
Responsibilities Company Directors / Senior Management
Our Company Director and Senior Management have overall responsibility for ensuring that the organisation complies with its legal obligations. Our Data Protection Officer responsibilities include: • Briefing the Company Director and Senior Management on Data Protection responsibilities • Reviewing Data Protection and related policies • Advising other staff on tricky Data Protection issues • Ensuring that Data Protection induction and training takes place • Notification to the ICO • Handling subject access requests • Approving unusual or controversial disclosures of personal data • Approving contracts with Data Processors • IT Data Security in conjunction with IT Company All staff are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work. Employees that breach the Data Protection Policy will be subject to disciplinary action, up to and including termination of employment. Employees may also be held personally liable for violating this policy.
Data Protection Officer
Employees & Volunteers
Enforcement
Cox Management Services Ltd ISO 9001 / ISO 14001 / ISO 45001
Rev 6 01/11/2024 PAS99: 2012 Issue 1
Approved: AK
3
Made with FlippingBook Digital Publishing Software