DATA PROTECTION POLICY
Approved by: Ian Marriott
Policy Reference: ASP6
Produced: 01/09/2022
Revision: 3
Introduction
Every company needs to keep records of its employees. Not only are these in many cases a legal requirement but without personal information it would be extremely difficult to manage Accent Services. The Data Protection Act 1998 (DPA). is intended to protect individuals from unwanted or harmful uses of their personal data so that their personal privacy is protected. It regulates the way in which companies collect, use, disclose and destroy information about
individuals to ensure that they do so in a responsible and accountable fashion.
Purpose and Scope
This Data Protection Policy and Procedure is intended to ensure that all processing of personal data carried out by Accent Services complies with the requirements of the DPA. In particular, Accent Services seeks to ensure that all those processing data are aware of their obligations under the DPA and that all data subjects are made aware of their rights.
Throughout employment and for as long a period as is necessary after employment, Accent Services will need to keep information for purposes connected with an employee’s employment. These records may include:
-
Employee information gathered about an employee and any references obtained during recruitment
-
Terms of employment including payroll, Tax and National Insurance information
-
Performance information including training records
-
Details of grade and job duties
-
Health records
-
Absence records, including holiday records and self-certification forms
-
Details of any disciplinary investigations and proceedings
-
Contact names and addresses
Accent Services might hold the following information about an employee for which disclosure to any person will be made only when strictly necessary for the purposes set out below:
-
An employee’s health, for the purposes of compliance with our health and safety and our occupational health obligations.
-
For the purposes of HR management and administration, e.g. to consider how an employee’s health affects his/her ability to do their job. and, if the employee is disabled, whether any reasonable adjustment to be made to assist him/her at work.
-
The administration of insurance, pension, sick pay and any other related benefits
-
In connection with unspent convictions to enable us to assess an employee’s suitability for employment, whilst taking into cognisance the Rehabilitation of Offenders Act 1974
Data Protection Principles
The DPA is mandatory and all organisations that hold or process personal data must comply.
The Data Protection Act contains 8 principles that everyone responsible for using data must
adhere to; these are as set out below:
-
Personal data should be processed fairly and lawfully
-
Data should be obtained only for one or more specified and lawful purposes
-
The data should be adequate, relevant and not excessive
-
It should be accurate and where necessary kept up to date
-
Any data should not be kept for longer than necessary
-
Personal data should be processed in accordance with the individual’s rights under the act
-
Data should be kept secure
-
Personal data should not be transferred outside the European Economic Areas unless the country offers adequate data protection
Data Protection Policy
Accent Services requires all employees to comply with the DPA in relation to the information about other staff; failure to do so will be regarded as serious misconduct and will be dealt with under Accent Services disciplinary policy and procedure. You are responsible for notifying Accent Services of any changes to information you have provided. Line Managers have responsibility for the type of personal data they collect and how they use it. Staff should not disclose any personal or other people’s data outside the organisation's procedures, for their own purposes. Everyone who works for or with Accent Services has some responsibility for ensuring data is collected, stored and handled appropriately
Employees have a legal right to access information that an employer may hold on them and the purpose for which it is used and how to gain access to it; an employee can also ask for the removal or correction of any inaccurate data. This could include information regarding any grievances or disciplinary action, or information obtained through monitoring processes.
Procedure for an employee to obtain information
Employees who feel the organisation has misused information or hasn't kept it secure should contact the General Manager who is the designated Company’s Data Protection Officer (responsible for compliance) with overall responsibility to ensure the implementation of this policy and procedure and its compliance with the DPA.
An employee has the right to be given a copy of any personal data held and processed by Accent Services. Accent Services must respond to any application within 40 days of receiving such a request, providing that:
-
The request is in writing.
-
Any fee requested (a maximum of £10) for administration expenses, has been paid.
-
The Employee has supplied any information that is required to confirm his/her identity and the location of the relevant information.
-
Accent Services has not already complied with an identical or similar request by the same employee, except after a reasonable interval has elapsed.
There are some exemptions to these provisions, namely:
-
References provided by Accent Services
-
References received if disclosure would give information about any other individual, unless that individual had consented to the disclosure.
-
Where the disclosure of data might be likely to prejudice the conduct of the business.
-
If disclosure would be likely to give away a current negotiation position e.g. in relation to a salary negotiation.
-
Personal data disclosed for the purpose of legal proceedings in relation to legal rights.
-
Data that might compromise national security or hamper the detection of a crime etc.
If an employee is unsatisfied with the response from Accent Services, they can refer their
complaint to the Information Commissioner's Office (I.C.O.).
Health Information
Accent Services can, seek to collect information regarding an employee's health if the employee freely gives consent, Accent Services would have considered why they need the information and exactly what information is needed. This information once collected would be held securely and in the strictest confidence, and would only be released to those that have a direct need to know. There are times when Accent Services can only act on the information made available by the employee or has received his or her consent for such information to be
obtained.
Monitoring employees - telephone calls, emails
The Data Protection Act will apply if employers are monitoring employees; for example, to detect crime or excessive private use of e-mails, internet use etc. However, the act requires that employees should be aware of the nature and reason for any monitoring.
Effective review and audit mechanisms, will be carried out on a regular basis to ensure legal requirements, and also to ensure that policies and standards are complied with in practice. Such reviews and audits will be reported and published.
Signed by
Ian Marriott
Managing Director
01/09/2022