Terms and conditions
Data Protection Policy 1. Home 2. Data Protection Policy
Viking Arms Ltd Data Protection Policy
The Viking Arms Protection Policy is to comply with the provisions of the 1998 Act and all relevant subordinate legislation, by:
Effectively and sensitively managing and processing personal data in a fair, lawful and consistent manner in accordance with the data protection principles and all other elements of the 1998 Act.
Establishing roles and responsibilities for compliance with the 1998 Act.
Developing staff understanding and awareness of their duties and obligations under the 1998 Act and the possible consequences of breaches of the 1998 Act.
Integrating Data Protection considerations into business processes.
Keeping policy and practice under review.
The Data Protection Principles
The Data Protection principles state that personal data shall be:
Processed fairly and lawfully .
Obtained only for one or more specified and lawful purposes, and shall not be further processed incompatibly with those purposes.
Adequate, relevant and not excessive in relation to the purposes for which it is being processed.
Accurate and, where necessary, kept up to date.
Kept for no longer than is necessary in relation to the purposes for which it is being processed.
Processed in accordance with the rights of data subjects.
Protected by appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Transferred outside the European Economic Area only if there is adequate protection in the relevant country for the rights of the data subjects.
Review and Audit
This Policy and supporting material will be subject to internal audit. It will be reviewed annually by the Data Protection Committee. Consideration will be given to: any changes to the UK Data Protection legislation , any changes in current practice within Viking Arms including requirements that may involve processing of personal data on a new basis.
Roles and responsibilities
The Data Protection Committee is the data controller and as such, it is responsible for ensuring that Viking Arms complies with all provisions of the Act, in particular the data protection principles.
Managers are responsible for: ensuring that data protection requirements are observed providing clear messages to their staff regarding appropriate processing of the personal data that they handle identifying and addressing training needs within the team and informing the Data Protection Committee if the available training will not address their needs, consulting the Data Protection Committee before processing personal data for a new purpose, informing the Data Protection Committee of any data subject requests or complaints.
All employees are responsible for: complying with the data protection principles, as supported by the Policy, guidance on the application of the Policy and associated policies and guidance, contacting their manager or the Data Protection Committee for guidance if they are in any doubt about how they should deal with certain personal data only processing personal data in the manner that is authorised for the purpose of carrying out their job or with management authorisation. VIKING takes data protection compliance very seriously; any breach of data protection legislation, local data protection procedures and/or the provisions of the Data Protection Policy may render staff liable to internal disciplinary proceedings. Staff should be aware that it is a criminal offence to breach certain provisions of the Act. Knowingly or recklessly obtaining or disclosing personal data without the data controller’s authority may leave an individual employee liable to prosecution.