1 ATMD Bird & Bird Singapore Personal Data Protection Policy
2 Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS: 6 6. VIOLATIONS: 6 7. QUERIES OR COMPLAINTS 6 8. APPROVAL AND VARIATION 6 9. GLOSSARY 7
3 ATMD Bird & Bird SINGAPORE PERSONAL DATA PROTECTION POLICY REQUIREMENTS FOR ALL STAFF 1. PURPOSE This document sets out the policies and procedures that ATMD Bird & Bird LLP ("ATMDBB") has put in place, to comply with Singapore s personal data protection law as set out in the Personal Data Protection Act 2012 ("PDPA"). 2. SCOPE All employees (whether full-time, part-time, contract-based) and personnel, including interns, (collectively staff ) working in ATMDBB must comply with the policy. All new ATMDBB staff will receive training on personal data protection as part of their induction programme, while existing ATMDBB staff will receive training on personal data protection as part of their ongoing training and development. After completion of the training programme, staff will be required to sign an acknowledgement form to acknowledge that they have undergone the training programme, understand their obligations and responsibilities, and agree to protect any personal data with which they come into contact with in accordance with the PDPA. ATMDBB's Data Protection Officer ("DPO"), is responsible for ensuring ATMDBB's compliance with the PDPA. The DPO may delegate his/her various tasks and responsibilities. 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 3.1 ATMDBB staff must comply with the obligations under the PDPA whenever they are processing Personal Data. The Personal Data Protection Safeguards set out in Section 4 below set out what this means. 3.2 The PDPA applies when Personal Data of individuals in Singapore is processed by, or on behalf of, ATMDBB or when Personal Data of individuals out of Singapore is brought into Singapore and processed in Singapore. 3.3 "Personal Data" refers to data, whether true or not, about an individual who can be identified from that data, or from that data in combination with other information to which the organisation may have access. This includes data that would identify a person (e.g. name, residential address, personal address, home telephone or employee number, etc), opinions and facts about individuals, and information about employees or clients. It is not confined to a person's personal (i.e. non-work) life: Mobile telephone numbers and personal details (e.g. IC number) may also be personal data. The fact that information is publicly available may prevent personal data protection laws from applying to it, but care must be taken to ensure the data is clearly publicly available. When in doubt, it is better to assume that the data is personal data. 3.4 "Processing" also has a broad meaning: for example, collecting, using, recording, holding, organisation, adaptation or alteration, retrieval, combination, transmission, erasure, obtaining, copying, amending, adding, deleting, extracting, storing, disclosing, transferring or destruction of personal data. 3.5 The PDPA requires that ATMDBB complies with the following obligations: The Consent Obligation (PDPA sections 13 to 17)
4 An organisation must obtain the consent of the individual before collecting, using or disclosing his personal data for a purpose. Consent from minors Consent may be granted by minors who are at least 13 years of age. However, ATMDBB should obtain consent from a minor s parent or legal guardian to provide consent on the minor s behalf where a minor is below the age of 18. The Purpose Limitation Obligation (PDPA section 18) An organisation may collect, use or disclose personal data about an individual only for purposes that a reasonable person would consider appropriate in the circumstances and, if applicable, where the individual concerned has been notified of the intended purposes. The Notification Obligation (PDPA section 20) An organisation must notify the individual of the purpose(s) for which it intends to collect, use or disclose the individual s personal data on or before such collection, use or disclosure of the personal data. The Access and Correction Obligation (PDPA sections 21 and 22) An organisation must, upon request: i. provide an individual with his or her personal data in the possession or under the control of the organisation and information about the ways in which the personal data may have been used or disclosed during the past year; and ii. correct an error or omission in an individual s personal data that is in the possession or under the control of the organization. The Accuracy Obligation (PDPA section 23) An organisation must make a reasonable effort to ensure that personal data collected by or on behalf of the organisation is accurate and complete, if the personal data is likely to be i. used by the organisation to make a decision that affects the individual concerned; or ii. disclosed by the organisation to another organisation. The Protection Obligation (PDPA section 24) An organisation must protect personal data in its possession or under its control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. The Retention Limitation Obligation (PDPA section 25) An organisation must cease to retain documents containing personal data, or remove the means by which the personal data can be associated with particular individuals as soon as it is reasonable to assume that: i. the purpose for which the personal data was collected is no longer being served by retention of the personal data; and
5 ii. retention is no longer necessary for legal or business purposes. The Transfer Limitation Obligation (refer to PDPA section 26) An organisation must not transfer personal data to a country or territory outside Singapore except in accordance with the requirements prescribed under the PDPA. The Openness Obligation (refer to PDPA sections 11 and 12) An organisation must implement the necessary policies and procedures in order to meet its obligations under the PDPA and shall make information about its policies and procedures publicly available. Section 4 sets out the steps which ATMDBB has adopted and that staff must follow to ensure that these obligations are met. 4. PERSONAL DATA PROTECTION SAFEGUARDS 4.1 Process personal data with consent and notification for relevant purposes In general ATMDBB only processes personal data where it has obtained consent, notified the individual of the relevant purpose of the processing and where such purpose is appropriate for a business or legal purpose, unless exempted by law For example, staff may process personal data (1) where this is for ATMDBB's business purposes (including verifying the identity of a client) and (2) where the individual has provided consent In some situations, ATMDBB may also process personal data without consent when permitted by law, such as for managing or terminating an employment relationship In other situations, staff should seek guidance from the DPO if they wish to collect, use or disclose personal data and are unsure if they are able to do so Where ATMDBB holds personal data for certain specific purposes, staff must be careful not to use the data in any other way which is incompatible with those purposes. If the relevant individuals would not expect this use of the data, it is likely to be 'inappropriate use' For example, staff may not access an individual's personal data records for their own purposes, or for friends or family. This is a breach of their employment obligations Disclosure of personal data should not be made unless such disclosure is legally acceptable and appropriate. If requested by a Government agency to disclose personal data, ATMDBB staff ensure that such disclosure can be made and if in doubt, should consult with the DPO prior to disclosure Use or disclosure of personal data for a new purpose may not be covered by the relevant notice and consent. Staff must therefore obtain consent from the individual or otherwise consult the DPO first, if they wish to use or disclose personal data for a new purpose. 4.2 Sensitive personal data Sensitive personal data includes information about an individual's physical or mental health or condition, racial or ethnic origin, financial data, the commission or alleged commission of any criminal offence, criminal convictions, political opinions, trade union membership, religious or philosophical beliefs and sexual life.
6 4.2.2 Although the PDPA does not recognize or have special obligations in relation to sensitive personal data, ATMDBB staff should recognize that the handling of sensitive personal data requires special care, as the unauthorised disclosure or leakage of sensitive personal data is potentially damaging to ATMDBB. 4.3 Openness ATMDBB is transparent about how it uses personal data: if the ATMDBB collects personal data about individuals, it must tell them how this information will be used. This means, for example, providing information about: the purposes for which ATMDBB processes personal data; the general types of other companies or business to whom ATMDBB will disclose the personal data, and the purposes for which they will be disclosed; the rights that individuals have to access and correct their personal data; and whether personal data is transferred outside Singapore In general, notice must be provided to individuals before ATMDBB collects personal data from them It is not necessary to provide information on uses for business contact information provided by individuals, where it is evident from the context how the information will be used. 4.4 Accuracy and Retention Staff should collect only personal data that is adequate, relevant and not excessive. Personal data may only be collected if there is a business need for the information and if the level of information so collected is proportionate to this Staff should use personal data that is accurate and, as far as possible, up to date. Staff should advise ATMDBB s Human Resources department promptly if their details change While client contact information will often be in the form of business contact information, this may not always be the case. If staff are told about a change in a client's personal data, they should change any local contact databases that they maintain and ensure central databases are updated accordingly ATMDBB must not retain personal data for longer than is necessary for the purposes for which the data was collected. Staff should comply with ATMDBB s records and document retention policies. 4.5 Security and Confidentiality ATMDBB implements appropriate administrative, technical, organisational and physical measures to protect personal data. This requires appropriate IT and physical security and staff training and care in selection of third parties who process personal data on behalf of ATMDBB. Staff must comply with policies implementing these measures ATMDBB may, from time to time, use shared services and third party providers to process personal data, but has implemented policies and procedures to protect the personal data as required under the PDPA. Before Personal Data is disclosed to shared services and third party providers, ATMDBB staff should check whether there are contracts or other legally binding documents in place to ensure that the shared
7 services or third parties will comply with the PDPA. If in doubt, please approach the DPO Any suspected or actual breach, unauthorised disclosure of, damage to or loss of any personal data (including loss of or damage to equipment containing personal data or hard copies of personal data) should be promptly reported in accordance with the relevant IT Security policies as well as to the DPO Be aware that those seeking information sometimes use deception in order to gain access to it. Always verify the identity of the individual and the legitimacy of any request for personal data. Unless essential, avoid releasing Personal Data over the telephone. If in doubt, please contact the DPO. 4.6 Restriction on transfers of Personal Data out of Singapore A "transfer" under the PDPA refers to the transfer of Personal Data outside of Singapore, whether the Personal Data is transferred electronically (e.g. cloud storage, , etc) or physically (e.g. shipping physical files) The PDPA restricts transfers of personal data to other countries unless prescribed steps are taken to ensure that the personal data is protected. ATMDBB may, from time to time, use various shared services, outsourcing vendors and agencies outside Singapore to process personal data for administrative, business and legal purposes, or share employee personal data with other Bird & Bird offices around the world. ATMDBB may transfer Personal Data outside Singapore to these companies and to Bird & Bird offices in other countries for various business and legal purposes ATMDBB has put in place agreements to regulate the transfers of data to third parties outside of Singapore under binding legal agreements Staff must seek the clearance of a DPO or the Legal department if they wish to transfer personal data to a new supplier or vendor outside Singapore, to ensure that a data transfer agreement is already in place. 4.7 Rights of Individuals ATMDBB will honour individuals rights under personal data protection laws: to access and correct information relating to them; to prevent direct telemarketing to them; or to withdraw consent to processing of their personal data Any requests by staff for access to Personal Data should be made to the HR department or to the DPO Access and correction requests may be submitted through standard forms available from the DPO. However, ATMDBB must accept all requests made in writing and sent to the business contact information of its DPO, or left at or sent (by pre-paid post) to its Singapore office If ATMDBB staff receive any requests from individuals in relation to their Personal Data, such as access, correction or withdrawal of consent requests, such requests should be forwarded immediately to the DPO. ATMDBB should respond to access and correction requests within 30 days. If ATMDBB is unable to respond within 30 days, it must within that time inform the applicant in writing of the time by which it will respond to the request. It would also be good practice to specify the reasons why ATMDBB is unable to respond within 30 days of the request. If ATMDBB wishes to impose an administrative fee for access requests, it should also set out the fee amount, payment methods and other related details.
8 5. ATMDBB EXCEPTIONS: Any request to deviate from this policy must be approved by the DPO. 6. VIOLATIONS: Failure to comply with this policy is a disciplinary offence and will be handled in accordance with ATMDBB's disciplinary procedures. 7. QUERIES OR COMPLAINTS If you have any queries or complaints in relation to this policy or data protection generally, you should contact ATMDBB's DPO at The DPO or a person to whom he or she has delegated certain responsibilities, will respond to your query or complaint, investigate the complaint or request additional information in order to do so. 8. APPROVAL AND VARIATION This policy has been approved by ATMDBB's HR department. This policy may be updated from time to time. Please ensure that you refer to the latest version of the policy made available to all staff.
9 9. GLOSSARY "Personal Data" refers to data, whether true or not, about an individual who can be identified from that data, or from that data in combination with other information to which the organisation may have access; "Processing" includes recording, holding, organisation, adaptation or alteration, retrieval, combination, transmission, erasure, obtaining, copying, amending, adding, deleting, extracting, storing, disclosing, transferring or destruction of personal data; "Sensitive personal data" includes information about an individual's physical or mental health or condition, racial or ethnic origin, financial data, the commission or alleged commission of any criminal offence, criminal convictions, political opinions, trade union membership, religious or philosophical beliefs and sexual life; "Transfer" under the PDPA refers to the transfer of Personal Data outside of Singapore, whether the Personal Data is transferred electronically (e.g. cloud storage, , etc) or physically (e.g. shipping physical files).
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
PUBLIC CONSULTATION DRAFT OF PROPOSED LIA CODE OF CONDUCT FOR AGENTS OF LIFE INSURERS ON THE SINGAPORE PERSONAL DATA PROTECTION ACT 2012 (NO. 26 OF 2012) Submission of feedback should reach LIA via email
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
PERSONAL DATA PROTECTION CHECKLIST FOR ORGANISATIONS How well does your organisation protect personal data? This self-assessment checklist is based on the nine personal data protection obligations underlying
Data Protection Policy 1. Introduction to the Data Protection Policy Everyone who works for Chorley Council uses personal data in the course of their duties. Chorley Council must gather and process personal
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
DATA PROTECTION POLICY The Hollandse School Limited (hereinafter HSL ) is an educational institution with a history of over 93 years, and is one of the largest Dutch language schools abroad where the International
UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not
PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.
WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?
Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their
LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text
Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection
DATA PROTECTION POLICY Rev No. 0 New Document 1 2 3 4 5 6 7 Revision Status Details of Amendments Name Date Update of College DPA statement New Reference to Appendix 4 Staff Guidelines ESF document retention
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information
Data Protection Consent Clause and Policy Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use,
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
Data Protection Policy 1. Introduction and purpose 1.1 Children s Hearings Scotland (CHS) is required to maintain certain personal data about individuals for the purposes of satisfying our statutory, operational
WHEN BUSINESS GETS PERSONAL A QUICK GUIDE TO THE PERSONAL DATA PROTECTION ACT 2012 FOR ORGANISATIONS PERSONAL DATA PROTECTION COMMISSION S I N G A P O R E www.pdpc.gov.sg Introduction Organisations today
PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations
February, 2015 Page: 1 Revision History Revision # Date Author Sections Altered Approval/Date Rev 1.0 02/15/15 Ben Price New Document Rev 1.1 07/24/15 Ben Price Verify Privacy Grid Requirements are met
The Manchester College The Manchester College Produced by TMC Prin DataProtect pol v1 11/2010 All rights reserved; no part of this publication may be photocopied, recorded or otherwise reproduced, stored
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...
DATA PROTECTION CORPORATE POLICY Information Management V1.1 03 July 2012 Not protectively marked This policy must be complied with fully by all Members, Officers Agents and Contractors of Plymouth City
Supplier Instructions for Processing of Personal Data 1 PURPOSE SOS International has legal and contractual obligations on the matters of data protection and IT security. As a part of these obligations
CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES GLOBAL FORUM 2009 ICT & The Future of the Internet - Monday, October 19 th 2009 firstname.lastname@example.org Introduction & Structure ENISA Working Group
John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and
Data Protection Policy: Policy Statement: ERC Institute (ERCI) collects and uses information about people with whom it communicates. As stipulated by the Personal Data Protection Act (2012) (hereinafter
DATA PROTECTION POLICY DATA PROTECTION POLICY Reviewed and Adopted April 2016 Signed...COG...HEAD Next review April 2018 Data Protection Policy AIMS This policy sets out the Council s commitment to the
Applicant Privacy Notice for Positions in Willis Companies Located in the European Union and European Economic Area Excluding the United Kingdom ( Applicant Privacy Notice Continental Europe ) This Applicant
TPS Corporate Services Personal Data Protection Policy In this policy, we, us, our means and all its related companies (collectively known as TPS ), you, your or yours means the persons to whom this policy
Draft Regulations to illustrate the Treasury s current intention as to the exercise of powers under clause 4 of the the Small Business, Enterprise and Employment Bill. D R A F T S T A T U T O R Y I N S
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
Data Integrity and Information Protection May 2014 Advisory Presentation Outline Overview of Data Integrity and Information Protection KPMG Data Loss Barometer 2012 Information Protection Challenges Some
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
CROATIAN PARLIAMENT 1364 Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby pass the DECISION PROMULGATING THE ACT ON PERSONAL DATA PROTECTION I hereby promulgate the Act on
Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act
UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY 1. Purpose 1.1 The Data Protection Act 1998 ( the Act ) has two principal purposes: i) to regulate the use by those (known as data controllers) who obtain,
Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to