Friday 25 May 2018

GDPR - General Data Protection Regulation


GDPR  
At ALD Hairdressing Training Academy  we work with many of training providers, Suppliers,, Students, etc and would love to stay in touch with anyone that has subscribed to our blog.

Our blog provides posts related to our training, products, services as well as useful links to our current policies etc.

If you no longer want to receive our posts please select to unsubscribe and you will be removed from the mailing list.
If you'd like to unsubscribe from e-mail updates you can unsubscribe from comments by email at any time; just click the unsubscribe link in the comment emails you receive. Or, alternatively, you can click the "Unsubscribe" link on the blog's comment page.

Please also read the following for our updated Privacy 

ALD Hairdressing Training Academy  Data Protection Policy

1.       Introduction
 a. We are required to process certain information about individuals with whom we have dealings, for our own administrative purposes and to comply with our legal obligations. For example, we need to keep personal data about our employees and students in order to carry out our function a training academy.
 b. We are committed to ensuring that this processing is undertaken with respect for the rights and privacy of individuals in accordance with current data protection and privacy law.
2.       2. Some Key Definitions
 a. Data Protection and Privacy Law
 i. This includes the Data Protection Act, the EU General Data Protection Regulation, the Privacy and Electronic Communication Regulations, the EU e-Privacy Regulation and other related legislation as may be enacted in parallel with or to replace these laws.
b. Personal Data
 i. This is information that can identify a living person that is held either electronically or in paper form. This can include student records, staff employment details, research datasets and images such as those recorded on CCTV.
c. Data Controller
 i. The data controller decides how and why personal data is to be used, and is legally required to comply with the law. Our Training Academy (ALD) is the data controller for the personal data it uses.
 d. Data Subject
i. This is an identifiable living individual who is the subject of personal data.
 e. Processing
 i. In relation to personal data, this means obtaining, recording or holding the data or carrying out any operation or set of operations on the data.
3.            Principles and Duties
a. Transparency
 i. Whenever  we (ALD)  collect personal data, we will take appropriate measures to provide data subjects with the information required to ensure they understand the nature of the processing and how to exercise their rights in relation to that processing.
b. Consent
 Where we are relying on consent as a legal basis for processing personal data, individuals’ consent will be collected in a manner that ensures it is freely given, specific, informed and unambiguous.
c. Purpose Limitation / Data Minimisation / Storage Limitation / Accuracy
 i. We will only collect and use personal data for specific legitimate purposes, and it will be kept only for as long as we need it for those purposes. We will not collect excessive or irrelevant information. We will ensure that personal data we collect and process will be accurate and kept up to date, where necessary.
d. Security
i. We will have appropriate security measures in place to protect personal data, taking account of the nature of the data and the harm that might be caused if it was lost. These security measures will be regularly tested, assessed and evaluated to ensure they maintain an appropriate level of security for personal data.
e. Rights
 i. Data subjects will be able to exercise fully their rights to access, rectification, erasure, restriction, portability and objection, and their rights with regard to automated decision making and profiling.
f. Marketing
 i. Electronic, telephone and other marketing will be carried out in accordance with the law. Guidance is available for staff to enable them to meet these requirements.
g. Data Protection by Design and Default
i. We will implement appropriate technical and organisational measures to ensure that data protection principles are incorporated into the development and operation of personal data processing activities.
 ii. Data protection impact assessments will be carried out for any new processing activity that is likely to result in a high risk to the rights of the data subjects whose personal data is involved in the processing.
h. Accountability
 i. We will maintain appropriate records to allow us to demonstrate our compliance with these principles and duties, including records of processing activities under our control. A Data Protection Officer (Mrs Paula Lowes) will be designated to fulfil the tasks set out in law. The Data Protection Officer will be provided with the resources and support necessary to carry out those tasks.
i. International Transfers
i. Transfers of personal data outside of the European Economic Area will be subject to appropriate safeguards in accordance with the law.
4              Roles and Responsibilities
a. Data Protection Officer
 i. fulfil the statutory tasks of a Data Protection Officer and report on compliance to the Registrar.
 ii. Advise on policy and draw up procedures and guidance in line with best practice.
 iii. Promote and monitor policy compliance. iv. Coordinate and respond to requests and queries received from data subjects.
 v. Facilitate appropriate training for all relevant staff.
b.. Managers and Data Owners
i. Managers and data owners have a responsibility for ensuring that data protection issues within their areas are managed in a way that meets the provisions of this policy. e. All Staff and Students i. Be aware of data protection requirements and what they mean to the Training Academy
ii. Follow the policy and procedures for handling personal data.
iii. Consult with the Information Security Team for advice and guidance when necessary.
 iv. Report data breaches to the Information Security Team as soon as possible, in line with procedure and guidance.
v. A breach of this policy could result in disciplinary action.

Paula Lowes –

ALD Hairdressing Training Academy Limited
109-111 Blythe Terrace, Birtley. DH3 1DW
Tel: 0191 4111730
Issued 25th May 2018
Reviewed yearly






No comments:

Post a Comment