To ensure that use of personal information is controlled in accordance with the principles of the Data Protection Act 2018 and the General Data Protection Regulation, and that an individual’s rights are respected.
This policy applies to all Information Assets, including those relating to Upmind, customer and development information across Upmind and where personal data is processed by external providers.
For ensuring that data protection controls are followed and for notifying the Data Protection Officer of concerns or breaches of personally identifiable information (PII). All staff employed by Upmind are also responsible for ensuring that any personal data about them that they supply is accurate and up to date.
Upmind needs to collect and use certain types of information about staff and other individuals who come into contact with Upmind in order to operate. In addition, it may be required by law to collect and use certain types of information to comply with statutory obligations of Local Authorities, government agencies and other bodies.
This personal information must be dealt with properly, however it is collected, recorded and used – whether on paper, in a computer, or recorded on other material – and there are safeguards to ensure this is within the EU General Data Protection Regulation and the Data Protection Act.
A record of notification to the ICO is retained by the Data Protection Officer. The ICO Notification Handbook is used as the authoritative guidance for notification. This notification is reviewed annually and update notifications are issued accordingly.
Any breach of the GDPR will be considered a breach of the Information Security Policy and could also be considered a criminal offence, potentially resulting in prosecution.
Third parties working with or for Upmind who have or may have access to personal information will be expected to comply with this policy. Third parties who require access to personal data will be required to sign a Confidentiality Agreement before access is permitted. This will also include an agreement that Upmind can audit compliance with the Confidentiality Agreement.
Upmind is a data controller and/or a data processor as defined under GDPR and the Data Protection Act 2018.
Any processing of personal data must be conducted in accordance with the following data protection principles of the Regulation, and Upmind policies and procedures will ensure compliance.
Personal data must be processed lawfully, fairly and transparently.