GDPR POLICY

Introduction

 

At ManxPayroll privacy and data protection rights are very important to me. ManxPayroll is the trading name of Richard Brown, a sole trader.

 

Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The Data Protection Acts lay down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed. The Data Protection Acts also permit individuals to access their personal data on request, and confer on individuals the right to have their personal data amended if found to be incorrect. 

 

This document outlines ManxPayroll’s policy to help ensure that I comply with the Data Protection Acts. 

 

Data Protection Policy

 

Purpose of this policy

 

This policy is a statement of ManxPayroll’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection Acts. 

 

Individuals’ Responsibilities

 

When I am involved in the processing/storing of personal data I should make sure;

 

• to obtain and process personal data fairly.

• to keep such data only for explicit and lawful purposes.

• to disclose such data only in ways compatible with these purposes

• to keep such data safe and secure.

• to keep such data accurate, complete and up-to-date.

• to ensure that such data is adequate, relevant and not excessive.

• to retain such data for no longer than is necessary for the explicit purpose.

• to give, on request, a copy of the data to the individual to whom they relate, such a request is known as an ACCESS REQUEST 

 

Any data access requests received should be forwarded immediately to me.  A fee of £10.00 applies to any application for information under the Data Protection Acts.

 

 

Individual Rights

 

The individuals for whom ManxPayroll stores personal data have the following rights:

 

• to have their personal data obtained and processed fairly

• to have personal data kept securely and not illegitimately disclosed to others.

• to be informed of the identity of the Data Controller and of the purpose for which the information is held.

• to get a copy of their personal data.

• to have their personal data corrected or deleted if inaccurate.

• to prevent their personal data from being used for certain purposes: for example, one might want to have the data blocked for research purposes where it is held for other purposes.

• under Employment Rights, not to be forced to disclose information to a prospective employer. No one can force another person to make an access request, or reveal the results of an access request, as a condition of recruitment, employment or provision of a service. Where vetting for employment purposes is necessary, this can be facilitated where the individual gives consent to the data controller to release personal data to a third party.

• It should be noted that under the Freedom of Information Act,  records containing personal information may be released to a third party, where the public interest so requires.

 

 

Principles of the Acts

 

ManxPayroll will administer its responsibilities under the legislation in accordance with the eight stated data protection principles outlined in the Act as follows:

 

1. Obtain and process information fairly.

ManxPayroll will obtain and process personal data fairly and in accordance with the fulfilment of its functions.

 

2. Keep data only for one or more specified, explicit and lawful purposes.

ManxPayroll will keep data for purposes that are specific, lawful and clearly stated and the data will only be processed in a manner compatible with these purposes.

 

3. Use and disclose data only in ways compatible with these purposes.

ManxPayroll will only disclose personal data that is necessary for the purpose/s or compatible with the purpose/s for which it collects and keeps the data.

 

4. Keep data safe and secure.

ManxPayroll will take appropriate security measures against unauthorised access

to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction. ManxPayroll is aware that high standards of security are essential for all personal data.

 

5. Keep data accurate, complete and up-to-date.

ManxPayroll will have procedures that are adequate to ensure high levels of data accuracy.  ManxPayroll will examine the general requirement to keep personal data up-to-date.  ManxPayroll will put in place appropriate procedures to assist staff in keeping data up-to-date.

 

6. Ensure that data are adequate, relevant and not excessive.

Personal data held by ManxPayroll will be adequate, relevant and not excessive in relation to the purpose/s for which it is kept.

 

7. Retain data for no longer than is necessary for the purpose or purposes for which they are kept.

ManxPayroll will have a policy on retention periods for personal data.

 

8. Give a copy of his/her personal data to that individual, on request

ManxPayroll will have procedures in place to ensure that data subjects can exercise their rights under the Data Protection legislation.

 

 

Roles/Responsibilities of ManxPayroll

 

ManxPayroll has overall responsibility for ensuring compliance with the Data Protection legislation. 

 

 

Procedures and Guidelines

 

This policy supports the provision of a structure to assist in ManxPayroll’s compliance with the Data Protection legislation, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.

 

 

Review

 

This Policy will be reviewed regularly in light of any legislative or other relevant indicators.