• Home Page
• Corporate
  • BCRM Approach
  • BCRM FAQ
  • Case Studies
  • Certifications
  • Code Of Conduct
  • Company details
  • Customer satisfaction
  • Industry Endorsements
  • The Team
  • Why us?
• Policies
  • Business Continuity
  • Conflict of Interest
  • Corporate Social Responsibility
  • Data Protection
  • Disability Discrimination
  • Environment
  • Equal Opportunities
  • Health and Safety
  • Information Security
  • Personnel Screening
  • Quality
• Services
  • Health Checks
    • Business Continuity
    • Security Vetting
    • Data Protection Act
    • Software Asset Management
    • Service Management
    • Information Security
    • PCI DSS
    • Risk Management
  • Information Assurance
    • Disaster Recovery
    • Information Security
    • Physical Security
    • Employee Vetting
    • Software Asset Management
    • Risk Management
    • Identity Management;
    • Secure Disposal
  • Compliance
    • Governance Today;
    • GRC
    • FSA Compliance
    • Data Protection Act;
    • PCI DSS;
    • Sarbanes Oxley;
    • FSAP
    • Workflow and GRC;
    • Using XBRL for GRC;
    • Inspection of Records;
    • Litigation Support
    • Employment Law
    • FSA Support
    • Money Laundering
  • Management Systems Consultancy
    • ISO 9001
    • SO 14001;
    • ISO 17025
    • OHSAS 18001
    • ISO 20000
    • BS 25999;
    • ISO 27001;
    • Do you need us?
    • Auditing
    • Polices and Procedures
  • Continuous Improvement
    • ISO 9004;
    • Total Quality Management (TQM)
    • Six Sigma;
    • Capability Maturity Models;
    • ServQual / RATER;
    • EQF
    • Balanced Scorecards;
  • Certification Services
    • Standards Implemented
    • Management System Implementation Methodology
    • Consultancy to Support Certification
    • Certification Body Audit Markings
    • Certification Pre-Audit Services
    • Remediation
    • Certification FAQ
  • Digital Forensics
    • Forensic Evidence Recovery
    • Expert Witness Services
• Records Management
• Training
• Standards
  • Management Systems
    • BS 25999
    • ISO 14000
    • ISO 17025
    • ISO 20000
    • ISO 27000
    • ISO 9000
    • OHSAS 18000
    • PAS 99
  • Other Standards
    • BS 10008
    • BS 10012
    • ISO 25777
    • BS 7858
    • BS 8470
    • BS 7858
    • BS 8549;
    • ISO 15489
    • ISO 19770
    • ISO 24762
    • ISO 38500
• Legislation
  • Basel II
  • Data Protection Act
  • Financial Sector Assessment
  • Financial Services and Markets Act (UK);
  • Health Insurance Portability and Accountability Act US);
  • Markets in Financial Instruments Directive (EU);
  • Miscellaneous relevant EU Directives;
  • Payment Card Industry Data Security Standards (worldwide);
  • Sarbanes Oxley (US);
  • Single European Payments Area (EU);
• Legal
  • Copyright
  • Legal Disclaimer
  • Privacy
  • Security
  • Links to other sites
• Site Map
• Contact Us
•  

---

?

Data Protection Act Policy

---

Personal data is any kind of information which makes it possible to identify a particular living individual. Uses of personal data (processing) are regulated by a number of different data protection, privacy or constitutional laws throughout the world. All personal data is governed under the Data Protection Act 1998.

The following role has been created in BCRM for managing the Data Protection Act, its implementation and operation:

• Data Protection Officer;

BCRM endorses best practice in the processing of personal data.

• personal data should be collected with fairness and transparency by making the individual aware of all the intended uses of their data;
• personal data should only be collected for a designated purpose or purposes. The amount and type of data should be no more than is required to fulfil that purpose;
• no person should be wilfully misled or deceived as to the intended use of their data by BCRM;
• no unfair pressure should be imposed on any individual to supply personal data;
• all data must be kept up to date and accurate;
• personal data should be kept only for as long as it is needed to complete its purpose, unless there is any overriding statutory obligation to retain it for longer periods;
• personal data will be treated with appropriate levels of confidentiality and with respect for individual rights;
• all manual (paper-based) and electronic data should be properly protected at all times to prevent loss, damage, unauthorised access or disclosure by any person;
• information about personal data may only be provided to the person to whom it relates and shall not be released without adequate prior verification of the identity of the requester. Third party representatives must be able to demonstrate, in writing, adequate authority to act;
• all requests connected with access to personal data must be dealt with promptly. A detailed, dated note of any information provided to the requester must be placed on the permanent record;
• the source of personal data should be acknowledged on the record. Any request for amendments to the factual data record must be dealt with with promptly. Opinions should be avoided unless wholly substantiated and clearly distinguishable from fact;
• only data from live systems will be provided, unless the request specifies otherwise, or it is clear that the data will be held in an archive because of the time period involved. This will be communicated to the requester for the avoidance of doubt.

All employees shall be responsible for applying the data protection principles at all times to each and every instance of personal data processing. Any deliberate breach of policy or unauthorised disclosure of personal data may form the basis for disciplinary action.

BCRM will ensure that all new employees are aware of this policy as part of their induction and will regularly review and monitor this policy to ensure its implementation and effectiveness.

This policy is issued, reviewed at least annually and maintained by the Data Protection Officer, who also provides advice and guidance on its implementation and ensures compliance

All BCRM employees shall comply with this policy.

Sian Watson

Managing Director

Dated: 1 August 2009