We hold personal data about our employees, clients, suppliers and other individuals for a variety of business purposes.
This policy sets out how we seek to protect personal data and ensure that staff understand the rules governing their use of personal data to which they have access in the course of their work. In particular, this policy requires staff to ensure that the Data Protection Officer (DPO) be consulted before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.
Keeping information about clients and staff confidential makes clear business sense but it is also required by law. The EU General Data Protection Regulation (GDPR) defines the ethical handling of personal data. Replacing legislation written before the digital age, the regulation became EU law in 2016, enforceable from 25th May, 2018.