General Data Protection Regulations (GDPR) Policy
The following is a statement of the organisation’s GDPR policy in accordance with the European Parliament and Council Regulation (EU) 2016/679.
It is the policy of Transvalair (UK) Ltd (“Transvalair”) to ensure that the company is fully compliant with all provisions within the new GDPR, and so far as is reasonably practicable, ensure that all customers, suppliers, employees and other third parties who may be affected by our undertakings have their data securely stored, retained for a suitable period, and disposed of in an appropriate fashion, both electronically and physically.
Transvalair acknowledges that the key to successful data security management is an effective policy, organisation and arrangements, which reflect the commitment of the senior management, and the engagement of the employees within the organisation. To maintain this commitment, Transvalair will continually monitor and measure activity, and revise where necessary, a plan that will be reviewed at least annually, to ensure that data security and GDPR guidelines are adequately preserved.
Mr Iain Hardie, along with a cross-functional taskforce, will implement and regularly review the company’s data security policy and recommend any changes to meet new circumstances. Although not required by the legislation, Mr Hardie has been appointed as the Data Protection Officer of the company and will report directly to the company board regarding GDPR matters. Transvalair recognises that successful data protection management contributes to business performance and will allocate adequate resources and finances to meet these needs.
The management of Transvalair acknowledges that the provisions laid down in the GDPR is a legal requirement and is a mutual objective for themselves and Company employees. It is therefore the policy of management to do all that is reasonably practicable to prevent data loss, contamination and ensure that data destruction is appropriate to the type of storage media. Transvalair will also ensure that all data entrusted to it whether as a data controller or processor, is protected and subject to this policy.
All employees have duties under the GDPR and are informed of their personal responsibilities to take care of data security and to ensure that they do not endanger Company or third-party data by their acts or omissions. Employees are also informed that they must co-operate fully with Transvalair in order that it can comply with the legal requirements placed upon it and in the implementation of this policy. Transvalair, through Mr Hardie, will ensure continued consultation with the workforce to enable all viewpoints and recommendations to be discussed at regular intervals.
The organisation will ensure a systematic approach to identifying hazards, assessing the risks, determining suitable control measures and informing all employees of the correct procedures needed to maintain a safe and secure working environment.
Transvalair will provide, so far as is reasonably practicable, secure data locations and systems of work, safe data handling practices, the provision of adequate equipment and ensure that appropriate information, instruction, training and supervision is given.
Transvalair regards the GDPR legislation as the minimum standard and expect management to achieve their targets without comprising data security.
Position: Managing Director Review: 03/01/2019