10. Data & Compliance
Both the client and the company agree to keep to, and to make sure that anyone we employ or are responsible for keeps to, any anti-bribery or anti-laundering laws and/or regulations relating to this agreement or any related services.
The client agrees to take full responsibility for how it deals with data as per the Data Protection Act 1998. While the company needs to keep certain information provided by the client to carry out its day-to-day operations, to meet its objectives and to comply with legal obligations, the company is committed to ensuring any personal data will be dealt with in line with the Data Protection Act 1998. To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
The aim of this policy is to ensure that everyone handling personal data is fully aware of the requirements and acts in accordance with data protection procedures. This document also highlights key data protection procedures within the organisation.
This policy covers all employed staff that will need to deal with client data. In line with the Data Protection Act 1998 principles, LGG Marketing Ltd will ensure that personal data will:
- Be obtained fairly and lawfully and shall not be processed unless certain conditions are met
- Be obtained for a specific and lawful purpose
- Be adequate, relevant but not excessive
- Be accurate and kept up to date
- Not be held longer than necessary
- Be processed in accordance with the rights of data subjects
- Be subject to appropriate security measures
- Not be transferred outside the European Economic Area (EEA)
The definition of ‘Processing’ is obtaining, using, holding, amending, disclosing, destroying and deleting personal data. This includes some paper-based personal data as well as that kept on computer.
The Personal Data Guardianship Code suggests five key principles of good data governance on which best practice is based. The organisation will seek to abide by this code in relation to all the personal data it processes, i.e.
Accountability: Those handling personal data follow publicised data principles to help gain public trust and safeguard personal data.
Visibility: Data subjects should have access to the information about themselves that an organisation holds. This includes the right to have incorrect personal data corrected and to know who has had access to this data.
Consent: The collection and use of personal data must be fair and lawful and in accordance with the DPA’s eight data protection principles. Personal data should only be used for the purposes agreed by the data subject. If personal data is to be shared with a third party or used for another purpose, the data subject’s consent should be explicitly obtained.
Access: Everyone should have the right to know the roles and groups of people within an organisation who have access to their personal data and who has used this data.
Stewardship: Those collecting personal data have a duty of care to protect this data throughout the data life span.