The purpose of this policy is to be a guideline for employees of Aidan Strain Electrical Engineering Limited, to clearly lay out how they may use data, how they can keep it secure and the consequences of misuse. This relates to employee data, customer data and supplier data. When processing data employees have the responsibility of ensuring that they are not breaching any of the following rights of the data subject:
- The right to be informed about the data we hold on you and what we do with it
- The right to access the personal data we hold about you (free of charge in most cases)
- The right to correct any inaccuracies in the data we hold on you
- The right to have your data deleted (in certain circumstances)
- The right to restrict the processing of your data
- The right to transfer data we hold on you to another party
- The right to object to the inclusion of any of your data
Data Processing | Staff Protocol |
Emails:Sending and receiving emails containing personal information within the email address, signature or email itself | All computers must have a passwordAll email accounts must have a passwordEmployees should not share their passwords with anyone (not even other employees)All emails older than 6 years (including archived emails) must be deletedHighly sensitive personal information, (e.g. financial details etc.) must not be sent via email. Google drive or Dropbox should be used instead |
Own Devices:Using your own laptop/phone for work related activities | All own devices being used for ASEE business must be password protected and have suitable anti-virus software and a firewallIf they hold ASEE data they should not be used by anyone else i.e. no family members/friends |
Payslips: | Payslips will no longer be sent by email, because this poses too great a risk to personal dataPayslips will now be uploaded to a secure online password protected portalEmployees should not share their portal passwords with anyone else |
Desktops: personal data saved on desktops and desktops left accessible while desks are unattended | No personal data is to be saved on the desktopPersonal data should be stored within (password protected/locked) drives on the computerComputers should be locked when you are leaving your desk for lunch/break etc. |
Diaries: personal information stored within diaries for general business dealings e.g. phone numbers, addresses, etc. | Diaries should not be left open on desks when not being usedDiaries containing personal data should be placed in a secure drawer/cupboard at the end of the day |
Paper: | Any paper documents older than 6 financial years relating to past employees/customers/suppliers must be destroyed by shredding or disposal in the grey and yellow confidential waste binsAny paper documents containing personal data must be kept in locked cabinets/desks which only one person has access to |
Memory Pens/External Hard Drives: | Memory pens should only be used if it is essential (computer drives or google drive could be used as alternatives)Data off old memory pens should be deleted and/or moved to a different secure locationIf memory pens are required ASEE will provide encrypted memory pens |
Google Drive/Drop Box: used to store and share personal information across the EU | Google drive/dropbox access is and will continue to be limited i.e. access is by invite onlyEmployees should not share documents containing personal data unless it is necessaryDocuments will be deleted after 6 years |
P Drive: server used to store and share data on the central computer system | P drive access is limitedContent on the P drive will be further divided up into locked sectionsData will be deleted after 6 years |
Sage: | Sage access is limited to only some employees and is password protectedPersonal details will be deleted after 6 years |
Special Categories of Data: (nationality, ethnic origin, religion etc.) | This data is collected for employees onlyAccess to this data is limited to the Human Resources departmentSpecial category data will be deleted after 6 yearsConsent must be obtained from employees to collect and hold this dataEmployees may withdraw consent at any time |
Sub-Contractors/Site Managers: collect and share personal data for other onsite employees | Employee paper records should be kept in a locked filing cabinet onsiteEmployee electronic records should only be shared with ASEE human resources department |
Third parties: where necessary, employees may have the responsibility of sharing data with some third parties | Employees should only share data with third parties if they know it is essential, legal, secure and will not breach any of the rights of the data subjectData should only be shared with third parties with whom we have a contract, stipulating the standard of data protection they must adhere to |
Data Sharing Requests: | If someone requests personal information relating to another employee you mustAsk the reason for the request and if you decide that it is a legitimate reason (and not a nuisance caller) thenOnly give out their work phone number or email addressPrivate address/phone numbers/email address should not be shared under any circumstancesOther personal data, such as financial information, should not be shared under any circumstancesIf someone requests data about a customer you must not give out this information under any circumstances |
Date to be reviewed: 01/03/19