Policy statement
FENWICK ELLIOTT (‘we’, ‘us’ or ‘our’) is committed to:
Scope
This policy explains how we will comply with its responsibilities and obligations under the GDPR and its principles relating to the storage and destruction of personal data.
This policy gives guidance about disposing, deleting and retaining the personal data for which we have a responsibility and/or obligation under the GDPR.
This policy applies to:
NB: This policy should be read and used in conjunction with our other following policies
Objective
The objectives of this policy are to:
Definitions
Personal data means any information relating to an identified or identifiable person ('data subject') such as names, postal/email address, telephone number or identification number.
Special categories of personal data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation and data concerning criminal convictions or offences
Data subject means any individual whose personal data is processed by us
Processing means any use of personal data such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, erasure and destruction. (This means that virtually anything FENWICK ELLIOTT does with personal data will be processing).
Data controller means the organisation which decides the purposes and means of the processing of personal data
NB: The data controller for the purposes of this policy is FENWICK ELLIOTT
Data processor means an individual or organisation that processes personal data on behalf of a data controller
Personal data breach means a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.
Staff means anyone working at or for us on a permanent or temporary basis, including, Partners, consultants, permanent, interim and temporary employees, trainees, and those on work experience.
Principles
The relevant data protection principles for the purposes of this policy are that personal data must be:
NB: Keeping personal data unnecessarily may use up valuable storage space, incur unnecessary costs and impose on us a significant liability risk.
Roles and responsibilities
The Partners of FENWICK ELLIOTT have ultimate responsibility for ensuring compliance with the GDPR, the data protection principles and this policy.
The Practice Manager has day-to-day operational responsibility for ensuring we comply with the GDPR, the data protection principles and this policy. The Practice Manager can be contacted at: [email protected] [1].
All staff have a responsibility to comply with the GDPR, the data protection principles and this policy when carrying out their duties.
Line managers are responsible for supporting staff’s adherence with this policy.
Failure to comply with this policy may result in legal and/or disciplinary action.
Retention
We normally retain personal data for a minimum of 12 years.
Disposal and Destruction
When the retention periods expire, we must dispose of and destroy all personal data unless a Partner and the Practice Manager authorises that such data should be retained.
NB: Retaining or destroying personal data in breach of this policy may be considered serious gross misconduct and lead to dismissal.
Shred-it will physically collect the Materials on a regularly scheduled and mutually agreed basis and destroy, on or in reasonable proximity to the firm’s business premises, the Materials through use of mechanical devices
The firm’s IT department will take care of all electronic file deletions.