1. Policy Statement
WDC Agency Limited is committed to protecting the privacy and security of customer data. This Data Protection Policy sets out our responsibilities in safeguarding sensitive information and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
2. Purpose
The purpose of this policy is to:
– Protect the rights of our customers, employees, and partners.
– Define the data protection responsibilities of all parties involved in processing data.
– Prevent and manage data security breaches.
3. Scope
This policy applies to all employees, contractors, and third-party service providers of WDC Agency Limited who access, process, or store any personal data.
4. Data Protection Principles
WDC Agency Limited adheres to the following data protection principles:
– Lawfulness, Fairness, and Transparency: Data is processed lawfully, fairly, and transparently.
– Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes.
– Data Minimization: Only data that is necessary for the purposes of processing is collected and processed.
– Accuracy: Every reasonable step is taken to ensure that personal data is accurate and kept up to date.
– Storage Limitation: Data is kept in a form which permits identification of data subjects for no longer than necessary.
– Integrity and Confidentiality: Data is processed in a manner that ensures appropriate security.
5. Roles and Responsibilities
– Data Protection Officer (DPO): The DPO is responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.
– Employees: All employees must understand and adhere to this policy and other related data protection procedures.
6. Data Subject Rights
Individuals have the right to:
– Access their personal data.
– Request correction or deletion of their personal data.
– Object to processing and have data processing restricted.
– Request portability of their personal data.
7. Data Security
– Data Access Controls: Ensure only authorized personnel have access to personal data as necessary for their role.
– Encryption: Encrypt sensitive data in transit and at rest.
– Training: Provide regular data protection training for all employees.
8. Data Breaches
– Reporting: Any data breach must be reported immediately to the DPO.
– Investigation and Notification: The DPO will investigate the breach, and if necessary, notify affected individuals and the appropriate regulatory body within 72 hours of discovery.
9. Policy Review and Updates
This policy will be reviewed annually or as required by changes in laws or operational practices.
10. Compliance
Failure to comply with this Data Protection Policy may result in disciplinary action, which could include termination, legal action, and fines.