Ref: Policy GDPR001
Issue No: 1
Issue Date: May 2018
- Training Policy
- The Data Protection Officer (DPO) assigns data protection responsibilities to employees/staff in relation to Laser Lipo’s policies and procedures on personal data management.
- The Data Protection Officer (DPO) shall ensure that all employees/staff with day-to-day responsibilities involving personal data and processing operations, and those with permanent/regular access to personal data, demonstrate compliance with the GDPR, in line with the BS 10012:2017 privacy requirements.
- The DPO ensures that staff are kept up to date and informed of any issues relating to personal data.
- The DPO must maintain a list of relevant external bodies, the most important of which is
When writing a GDPR-compliant privacy notice, your focus should be on transparency and communicating clearly, honestly and openly with the individuals. The key points you may need to address are:
- Who is collecting the data?
- What data are you collecting?
- How are you collecting it?
- What is the purpose and the legal basis for processing the data?
- Who can access the information?
- Will you share the data with any third parties?
- Will you transfer the data abroad?
- What safeguards will you put in place for security of this data?
- How will you use the information?
- How long will you store the data for?
- What rights does the data subject have, including to withdraw consent?
- How can the individual raise a complaint?
- If you will be making automated decisions about the individual, including profiling

What you need to tell people differs slightly depending on whether you collect personal data from the individual it relates to, or obtain it from another source.