In carrying out its work, the OA collects and uses information about a variety of people. These may include current, past and prospective employees, trustees, volunteers, consultants, contractors, temporary workers, clients, beneficiaries and suppliers. This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means. The OA regards the lawful and correct treatment of personal information as very important to its successful operation and to maintaining confidence between it and whom it aims to help and those with whom it carries out business.
All line managers and staff must take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure and in particular will ensure that:
- Paper files and other records or documents containing personal data are kept in a secure environment;
- Personal data held on computers and other information communications technology (ICT) systems is protected in accordance with the OA’s Information Security Policy and its associated security procedures.
All trustees, presidents, vice-presidents, volunteers, contractors, consultants, associates and partners, must:
- Ensure that they and all of their staff, where relevant, who have access to personal data held or processed for or on behalf of the OA, are aware of this policy and are fully aware of their duties and responsibilities, ensuring that they apply the same standards for the handling of such data;
- Follow other supplementary data protection policies or procedures specific to their role;
- Allow data protection audits by the OA of data held on its behalf (if requested);
- If they fail to follow OA policies and procedures, indemnify the OA against any prosecutions, claims, proceedings, actions or payments of compensation or damages, without limitation.
All contractors, suppliers and partners who are users of personal information supplied by the OA will be required to confirm that they will abide by the requirements of data protection legislation with regard to information supplied by us, either through the contract between the two parties and in a data sharing agreement.
All trustees, presidents, vice-presidents, employees, volunteers, consultants, associates, temporary workers, contractors and suppliers shall:
- Take all reasonable steps to prevent any personal data they process, access or transfer in the course of their employment or association with the OA from being disclosed to or accessed by any unauthorised person;
- Comply with the General Data Protection Regulation 2016 and any relevant data protection legislation when processing any personal data in the course of their employment or association with the OA;
- Take all reasonable steps to ensure that any third party to whom they transfer or give access any personal data not only complies with relevant data protection legislation but also prevents it from being disclosed to or accessed by any unauthorised person;
- Report immediately on becoming aware of any actual or suspected breach of data protection legislation in accordance with the OA’s Data Security Breach Procedure.