Highlander Training Ltd Data Protection Policy
1. Introduction
Highlander Training Ltd (“the Company”) is committed to protecting personal data in compliance with the UK GDPR and Data Protection Act 2018.
2. Scope
This policy applies to all employees and affiliates handling personal data.
3. Data Protection Principles
The Company adheres to the following principles:
- Lawfulness, Fairness, and Transparency: Process data lawfully, fairly, and transparently.
- Purpose Limitation: Collect data for specific purposes only.
- Data Minimisation: Only collect necessary data.
- Accuracy: Keep data accurate and up to date.
- Storage Limitation: Retain data only as long as necessary.
- Integrity and Confidentiality: Ensure data security.
4. Data Subject Rights
Data subjects have the rights to:
- Be informed
- Access their data
- Rectify inaccuracies
- Request data erasure
- Restrict processing
- Object to processing
- Object to automated decision-making
5. Data Security
Implement appropriate security measures, including:
- Encryption
- Access control
- Regular backups
6. Data Breach Notification
Notify the ICO within 72 hours of a breach that risks individual rights and freedoms. Inform affected individuals promptly if necessary.
7. Responsibilities
- Data Protection Officer (DPO): Oversees compliance and policy implementation.
- Employees: Ensure personal data is processed in line with this policy.
8. Training
Provide regular data protection training to all employees.
9. Review
Review this policy annually or as needed.
10. Contact
For questions, contact the DPO at Highlander Training Ltd.