Data Protection Policy for Toyotek Ltd
Statement of Commitment
Toyotek Ltd is committed to maintaining high standards of security and confidentiality for information in our custody and control. Such information includes business information, trade secrets, know-how and personal data relating to company representatives and employees. The General Data Protection Regulation or GDPR is changing the law and will apply from 25 May 2018.
Toyotek Ltd (“the Company”) handles information including: personal data within the meaning of Data Protection Legislation, commercially sensitive information, business information, trade secrets and know-how. All these categories of information are critical to the successful operation of the Company. The Company has decided that it is appropriate to treat all information in its care and control with the same degree of security and confidentiality. This policy applies to all directors and employees of the Company including temporary and contract workers.
The objectives of this Data Protection Policy are:
• To coordinate the information security and data handling procedures in force at the Company.
• To promote confidence in the Company’s information security and data handling procedures.
• To provide assurances for third parties dealing with the company.
• To comply with Data Protection Legislation.
• To provide a benchmark for employees on information security, confidentiality and data protection issues. The objectives will be achieved by:
• Having designated the Data Protection Manager reporting directly to the board of directors of the Company with responsibility for information handling and privacy issues.
• Using a qualified external consultant as necessary to advise on security and privacy issues.
• Implementing appropriate information handling policies and procedures for employees to follow and refer to.
• Regular monitoring of the effectiveness of information handling policies and procedures to make amendments and additions as necessary from time to time.
The Data Protection Manager is the person you can refer to if you need more information about how data protection is managed within the company.
This Policy will be reviewed in July 2020.
Promotion of the policy
This policy will be communicated to clients at all stages of the relationship but particularly in any submissions to tender and in new client information packs.
It will be made available within the Company as part of the induction process to all new and temporary employees and board directors. The policy will be promoted to current employees by requiring acknowledgement and acceptance of its aims and objectives in writing.
Policies and procedures for achieving compliance with this policy
The objectives of this policy will be met by the following policies and procedures:
• Subject rights procedure
• Data security breach notification
• Providing outsourced services (if relevant)
• Employers obligations - Managing data protection in relation to HR
• Selection and recruitment of new personnel
• Agency recruitment
• Employment records
• Employee benefits
• Monitoring in the workplace
This policy will also be supported by an open communication policy on information handling, which means that the Company undertakes to inform its data subjects, its employees, corporate clients and individual company representatives how it uses information and the purposes for which information is processed.
Monitoring and amendment
A program of continuous review of this policy’s implementation and effectiveness is to be conducted under the direction of the Data Protection Manager. An annual report with recommendations will be presented to the board of directors.
This policy can only be amended with the approval of the Directors of the Company.
Approved by the Directors of the Company at a meeting held in July 2019.