What is GDPR

The EU General Data Protection Regulation ("GDPR") came into force across the European Union on 25th May 2018 and brought with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age. The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardize data protection laws and processing across the EU, affording individuals stronger, more consistent rights to access and control their personal information.

What is Particle Forward's Commitment

Particle Forward is committed to ensuring the security and protection of the personal information we process and providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program that complies with GDPR.

Particle Forward is dedicated to safeguarding the personal information under our remit and to developing a data protection regime that is effective, fit for purpose, and demonstrates an understanding of and appreciation for the new Regulation. Our preparation and objectives for GDPR compliance have been summarized in this statement. They include developing and implementing new data protection roles, policies, procedures, controls, and measures to ensure maximum and ongoing compliance. 

Particle Forward already has a consistent level of data protection and security across our organization; however, we aim to fully comply with the GDPR. Our preparation has included:

  • Information Audit
  • Policies & Procedures
    • Data Protection
    • Data Retention & Erasure
    • Data Breaches
    • International Data Transfers & Third-Party Disclosures
  • Subject Access Request (SAR)
  • Legal Basis for Processing
  • Privacy Notice/Policy
  • Obtaining
  • Direct Marketing
  • Data Protection Impact Assessments (DPIA)
  • Processor Agreements

Correction of Data

Particle Forward has a system that enables employees to check their personal information regularly to correct, delete or update any data. If an employee becomes aware that Particle Forward holds any inaccurate, irrelevant, or out-of-date information about them, they must notify the HR department immediately and provide any necessary corrections and updates to the report. Individuals can also amend certain personal information within Particle Forward's HR system. Aside from this, annual information checks and workforce correspondence reviews are conducted regularly to assess the accuracy of the data held.

Monitoring

Particle Forward may monitor employees by various means, including, but not limited to, recording employees, checking emails, listening to voicemails, and monitoring telephone conversations. If this is the case, Particle Forward will inform the employee that monitoring is taking place, how data is being collected, how the data will be securely processed, and the purpose for which the data will be used. The employee will usually be entitled to be given any data that has been collected about him/her. Particle Forward will not retain such data for any longer than is necessary.

In exceptional circumstances, Particle Forward may use monitoring covertly. This may be appropriate where there is, or could potentially be, damage caused to Particle Forward by the activity being monitored and where the information cannot be obtained effectively by any non-intrusive means (for example, where an employee is suspected of stealing property belonging to Particle Forward). Covert monitoring will take place only with the approval of the Managing Director and Head of HR & Training.

Employees' Obligations 

Employees who handle personal data must ensure that:

  • The information is accurate and up to date insofar as it is practicable to do so
  • The use of the information is necessary for a relevant purpose, and it is not kept longer than necessary
  • The information is secure
  • They use password-protected and encrypted software for transmission and receipt of emails
  • They send fax transmissions to direct fax where possible and with a secure cover sheet
  • They lock files in a secure cabinet

Where information is disposed of, employees should ensure that it is destroyed. This may involve the permanent removal of the information from the server so that it does not remain in an employee's inbox or trash folder. Hard copies of information may need to be confidentially shredded.

Where an employee is required to disclose personal data to any other country, they must ensure that there are adequate safeguards for data protection in the host country.

An employee must not take any personal information away from Particle Forward's premises without prior consent from the Head of HR & Training.

If an employee is in doubt about what they may or may not do with personal information, they should seek advice from the HR Department.

Consequences of Non-Compliance

All employees must comply with the data protection principles when accessing, using, or disposing of personal information. Failure to observe the data protection principles within this document may result in an employee incurring personal criminal liability. It may also result in disciplinary action up to and including dismissal.

Taking Data Off Site

An employee may take only certain employment records off-site. These are documents relating to disciplinary or grievance meetings that cannot be held on-site/meetings with occupational health/discussions surrounding the sale of the business or specific monitoring purposes/seeking professional advice. Prior authorization must be sought from the Head of HR and Training.

Any employee taking records off-site must ensure they do not leave their laptop, another device or any hard copies of employment records unattended. They must also take care when observing the information in hard copy or on-screen that such information is not viewed by anyone who is not legitimately privy to it.

Loss of Data

Particle Forward takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure, or destruction and have several layers of security measures, including:

  • Restricted access to files and folders, with all personal data accessed on a 'need to know' basis
  • Encryption software for sending personal data/particular personal data
  • Explicit guidance regarding the security marking of such previously mentioned data
  • An appointed CISO (Chief Information Security Officer) to review Particle Forward compliance and best practice surrounding all aspects of cyber security
  • Accountable for reporting any breaches to the Data Protection Officer

However, should an incident occur involving the loss or potential loss of personal or unique personal data, it should be reported to the Particle Forward Data Protection Officer immediately.