As a requirement of the General Data Protection Regulations 2018, Sunville Rail Ltd will identify our compliance to the GDPR Regulations as follows.
• All business data associated with the Management Systems which we have raised and implemented will only be reviewed by two individuals within Sunville Rail Ltd, (hereinafter known as SRL), and their names are available upon request.
• No information contained within the Management systems will be shared, copied, discussed, or passed on to anyone outside of the company that we support, and assist with document management.
• No information will be ‘downloaded’ onto any external hard drives, Compact Discs or memory sticks / data sticks of any type or kind, unless permission is given to do so by the individual in question.
• Where work has been contracted to be completed upon third party management systems, no information contained within the Management systems will be shared, copied, discussed, or passed on to anyone outside of the company that we support, and assist with document management.
• All audits conducted that contain potentially sensitive data, a request will be made to ensure that we can audit the data that is applicable to document management and will not ask or record personal data of any kind. If during an audit it is apparent that a data breach may take place if the audit progresses, the audit will be stopped prior to that point and an explanation made why progress cannot be made.
• All data and information will only be available to those who need it, can justify a reason for needing it and a justification for reviewing any documentation provided by Clients to assist in support of their management system.
• When the Company conducts Office visits, SRL staff will only focus upon work that is associated with our scope and purpose, and will not work outside of that remit, especially if there is the potential of being involved in or creating a data protection breach.
• If a potential data breach is recognised, SRL staff will raise their concerns to the Managing Director if available, or Senior Manager within the establishment, of concerns that may have been witnessed.
• Where work is being completed, should an SRL staff member leave the work station, the PC or laptop will be locked to ensure that information being worked upon is not viewed by persons who are not entitled to see and review that information.
• Any meetings where an SRL presence is requested will be treated as ‘In Confidence’ at all times, with any outputs from those meetings be circulated with agreement from the Managing Director or Senior Manager and to those staff members authorised to receive it.
• All work completed by SRL will be within the boundaries of knowledge and competence expected.
This policy will be reviewed as a minimum annually, however, where working practices and demands change, this policy will be reviewed to ensure that SRL as an organisation remain compliant to the regulations so far as is reasonably practicable.
Amended on 30.11.2018