Errigal Contracts GDPR General Policy & Implementation Statement
Statement of Intent
Our company recognises the GDPR (General Data Protection Regulation) and has identified it in our register of legislation and regulation as an item of mandatory legislation. Its relevant parts, taking the context of our business into account, should be complied with so as to protect, so far as reasonably practicable, the personal data that we hold and/or process in the course of conducting our business. Our company had already registered under the 1998 DPA (Data Protection Act) with the ICO (Information Commissioner’s Office), and we are now re-developing and gradually implementing our personal data related processes to ensure compliance with the new or enhanced requirements of the GDPR.
Responsibilities
The controls for the management of GDPR ultimately lie with the board of directors. This includes the responsibility to ensure the provision of adequate resources for implementation and regular assessment. The daily implementation of this policy lies with operational management, with support being provided by health and safety management. All employees have a responsibility to comply with this policy and its associated arrangements.
Arrangements & Implementation Plan
Identify all types/categories of personal data being held and/or processed, paying attention to and identifying, if applicable, special category data and/or criminal offence data. It should be noted that we recognise and will address data in whatever form it takes, including electronic data, hard copy of that data, and conventionally hand-written (e.g. ‘wet ink’) information.
Lawful basis for processing: decide on this for each type/category of data identified, i.e. from the 6 categories of lawful basis for processing, being: Consent; Contract; Legal obligation; Vital interests; Public task; Legitimate interests.
Be aware of, fully understand and ensure documented processes are in place to ensure that each of the Individual’s (person’s) 8 rights – listed as follows – can and will be respected and put into practice if or when appropriate or necessary: Right to be informed; Right of access; Right to rectification; Right to erasure; Right to restrict processing; Right to data portability; Right to object; Rights related to automated decision making including profiling.
Accountability and governance
Contracts
Documentation
Establish a data protection management system, documented so far as considered necessary or appropriate, with appropriate training provided to those people in the organisation who will be required to be responsible for and operate it. The system is to encompass, as a minimum, the following mandatory requirements and respective supporting processes: Data protection by design and default; Data protection impact assessments; Data protection officers; Codes of conduct and certification; Data security; International transfers; Personal data breaches; Exemptions; Applications; Children.
To establish, in consultation with the ICO, any change (in relation to the GDPR over and above the current fee payable under the DPA) in the data protection fee payable to the ICO for continued and appropriate ICO registration
Performance Management, Monitoring and Review
The effectiveness of management arrangements together with our performance against stated objectives is routinely monitored and reported to the Errigal Board on a regular basis. This policy and its associated arrangements will be reviewed at least annually.
Authorisation
Cormac McCloskey (Construction Director), 04/01/2019
Damien Treanor (Financial Director), 04/01/2019