The director of the company, Leonidas Stergiou, will be responsible for ensuring that data protection employment policies and procedures (including the restricting of employees' access to personal data) comply with the GDPR and for ensuring that they continue to do so.
Stergiou Limited has in place mechanisms for regularly checking that policies and procedures are followed. Employment policies and procedures, including unwritten practices, are to be regularly checked and areas of non-compliance will be eliminated.
Stergiou Limited carries out regular spot-checks, audits and assessments to ensure that appropriate restrictions and information barriers are put in place and are robust. Such assessments are documented and actions arising from such reviews are implemented as quickly as possible.
Third Party Data
Stergiou Limited will ensure that:
- only authorised people can access, alter, disclose or destroy personal data;
- those people only act within the scope of their authority; and
- if personal data is accidentally lost, altered or destroyed, it can be recovered to prevent any damage or distress to the individuals concerned.
The director will work closely with IT Administrators to ensure that rights of access are regularly reviewed and audited. Access to databases will only be given following the express authority of the director of the company, Leonidas Stergiou.
Stergiou Limited will provide appropriate initial and regular refresher training, and this will cover:
- the organisation’s duties under the GDPR and restrictions on the use and access of personal data;
- the responsibilities of individual staff members for protecting and accessing personal data, including the possibility that they may commit criminal offences if they deliberately try to access, or to disclose, information without authority;
- the proper procedures to use to identify callers;
- the dangers of people trying to obtain personal data by deception (for example, by pretending to be the person whom the information is about or by making “phishing” attacks) or by persuading you to alter information when you should not do so; and
- any restrictions the organisation places on the personal use of its computers by staff (to avoid, for example, virus infection or spam).
Stergiou Limited will ensure that business areas and individual line managers who process information about workers will be well trained in and understand their own responsibility for compliance under the GDPR and, if necessary, amend their working practices in the light of this.
Stergiou Limited will assess what personal information about workers is in existence and who is responsible for it. Stergiou Limited will eliminate the collection of personal information that is irrelevant or excessive to the employment relationship. If sensitive data is collected, Stergiou Limited will ensure that a sensitive data condition is satisfied.
Stergiou Limited will ensure that all workers who are authorised to handle workers' information are aware of how they can be criminally liable if they knowingly or recklessly disclose personal information outside the organisation's policies and procedures.
Serious breaches of data protection rules, including the unlawful accessing of personal data, are a disciplinary matter. Stergiou Limited will provide a guide explaining to workers the consequences of their actions in this area.
Version date: 21 May 2018