At Hadfield Roofing & Cladding Limited, we are committed to protecting the personal data of our employees, main contractors and suppliers, and to being transparent about the information we collect and what we do with it.
Following the introduction of the new General Data Protection Regulations (GDPR) in May 2018, we carried out a comprehensive review of all systems to ensure we are fully compliant with the new requirements. From this review, we have formulated a Data Protection Impact Assessment (DPIA):
A DPIA will be completed at the beginning of any major project involving the use of personal data, or if any significant change is to be made to an existing process (e.g. introduction of new technology or software). Like other risk assessments, our DPIA will encourage staff to look carefully at what they are doing, why they are doing it, the risks involved and how best to control those risks. Our DPIA will be used to analyse our processing of data and help us to identify and minimise data protection risks as follows:
An audit has been carried out with regard to: what data is held; how the data is collected; why the data is held; where data is stored; who has access to it; how consent was obtained and when it will be destroyed.
All data will be stored securely. Anti-virus software will be kept up to date and passwords will be changed regularly. The potential risks will be identified and assessed as well as any additional measures available to mitigate those risks.
The Data Subject’s (the individual on whom the data is held) consent will be obtained to acknowledge that we hold their personal data on file. We will not pass any personal information to a third party without consent.
We will never collect or store more information than we need. All staff who handle personal information will comply with GDPR regulations and employees’ personal details will only be retained in line with our legal obligations relating to:
- HR functions and employment
- Any Government payable deductions from payroll (income tax etc.)
- Employee safety training and welfare
Data will be destroyed when it is no longer required.
Subject Access Requests (SAR)
We acknowledge that all staff and suppliers have the right to ask to see what personal data we hold on them and/or make a request to modify and correct the data we hold.
Incident Response Plan
In the event of the discovery of a data breach or other incident involving personal data, the incident will be dealt with in a way that ensures the ICO (Information Commissioner’s Office) or the Data Subject can be informed as to the nature and scale of the breach, the action that has been taken and the potential impact on the Data Subject(s), all within 72 hours of the discovery of the breach.
At Hadfield Roofing & Cladding Ltd, we use CCTV to support the safety and security of our staff and premises. However, we recognise that the use of CCTV has data protection and privacy implications and, as such, display appropriate signage to inform people that they may be recorded. We acknowledge that anyone can ask to see images recorded of them and will provide these on request. Otherwise, CCTV recordings will only be accessed in the event of a security breach warranting further investigation. Recordings and data will routinely be held for approximately one week before being overwritten with new recordings.
Data Protection Officer (DPO)
Our Data Protection Officer (DPO) and, where appropriate, individuals and/or data processors will be consulted throughout the DPIA process. The primary role of our DPO will be to ensure that our organisation processes the personal data of its staff, main contractors and suppliers (‘data subjects’) in compliance with the General Data Protection Regulations (GDPR) and to also ensure data is kept secure.