Data Protection policy
Updated May 2018
1.1 Invision UK Ltd stores, processes, and on occasion discloses information about employees, and other Data Subjects for administrative, legal and commercial purposes. We are committed to a policy of protecting the fundamental rights and freedoms of individuals and in particular their right to privacy with respect to the processing of personal data, as set out in the General Data Protection Regulations (GDPR). When handling such information, Invision UK Ltd, and all staff or others who process or use any personal information will comply with the GDPR at all times.
1.2 To ensure compliance we will:
- Observe the spirit and the letter of the GDPR;
- Co-operate fully with the Information Commissioners Office (ICO);
- Publish and maintain a series of Codes of Practice outlining the meaning of the GDPR and establishing procedures for processing data in day to day working. The Codes of Practice will provide a reference source for all staff to clarify anomalies, which may arise in routine operations;
- Consider that all relevant Group members are subject to the GDPR: no individual Directorate shall hold or process records in any manner which does not conform to the Codes of Practice;
- Seek to obtain comprehensive “informed consent” from Data Subjects regarding the keeping of records, the processing of data and the disclosure of data to third parties;
- Initiate and maintain an on-going programme of staff development; and
- Periodically review its policies and practices to ensure continuing compliance with the GDPR.
1.3 To minimise our liability in law we will:
- Ensure that all new data systems and new forms of processing data will be implemented in accordance with the GDPR;
- Conduct a privacy impact assessment on all necessary new projects, software or systems involving personal data;
- Regard all members of staff as having an obligation to divulge the existence and contents of databases or other soft or hard copy filing systems that contain personal data, to the Data Protection Committee; and
- Implement and maintain appropriate practical and technical measures to ensure the security of all personal data.