This data protection policy ensures information about your health regards of the goverment request:
• Complies with data protection law and follow good practice
• Protects the rights of staff, customers and partners
• Is open about how it stores and processes individuals’ data
• Protects itself from the risks of a data breach
These rules describe how and where data should be safely stored. Questions about storing data
safely can be directed to the IT manager or data controller.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed out for some
reason:
• When not required, the paper or files should be kept in a locked drawer or filing cabinet.
• Employees should make sure paper and printouts are not left where unauthorised people could see them, like on
a printer.
• Data printouts should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and
malicious hacking attempts:
Personal data is of no value to [houseofdev] unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft
• When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
• Personal data should not be shared informally. In particular, it should never be sent by email, as this form of communication is not secure.
• Data must be encrypted before being transferred electronically. The IT manager can explain how to send data to authorised external contacts.
• Personal data should never be transferred outside of the European Economic Area.
• Employees should not save copies of personal data to their own computers. Always access and update the central copy of any data.
House of Dev aims to ensure that individuals are aware that their data is being processed, and that
they understand:
• How the data is being used
• How to exercise their rights
To these ends, the company has a privacy statement, setting out how data relating to individuals is used by the
company.