As a requirement of the General Data Protection Regulations 2018, Pro Rail Services Ltd (PRS), will identify our compliance to the GDPR Regulations as follows.
- All business data associated with the Management Systems which we have raised and implemented will only be reviewed by two individuals within the business their names are available upon request.
- No information contained within the Management systems will be shared, copied, discussed, or passed on to anyone outside of the company that we support, and assist with document management
- No information will be ‘downloaded’ onto any external hard drives, Compact Discs or memory sticks / data sticksof any type or kind, unless permission is given to do so by the company in question.
- Where work has been contracted to be completed upon third party management systems, no information contained within the Management systems will be shared, copied, discussed, or passed on to anyone outside of the company that we support, and assist with document management
- All audits conducted that contain potentially sensitive data, a request will be made to ensure that we can audit the data that is applicable to document management and will not ask or record personal data of any kind. If during an audit it is apparent that a data breach may take place if the audit progresses, the audit will be stopped prior to that point and an explanation made why progress cannot be made.
- All data and information will only be available to those who need it, can justify a reason for needing it and a justification for reviewing any documentation provided by Clients to assist in support of their management system.
- When the Company conducts Office visits, PRS staff will only focus upon work that is associated with our scope and purpose, and will not work outside of that remit, especially if there is the potential of being involved in or creating a data protection breach.
- If a potential data breach is recognised, PRS Staff will raise their concerns to the Managing Director if available, or Senior Manager within the establishment of concerns that may have been witnessed.
- Where work is being completed, should an PRS staff member leave the work station, the PC or laptop will be locked to ensure that information being worked upon is not viewed by persons who are not entitled to see and review that information.
- Any meetings where an PRS presence is requested, will be treated as ‘In Confidence’ at all times, with any outputsfrom those meetings be circulated with agreement from the Managing Director or Senior Manager and to those staff members authorised to receive it.
- All work completed by PRS will be within the boundaries of knowledge and competence expectedThis policy will be reviewed as a minimum of annually, however, where working practices and demands change, this policy will be reviewed to ensure that PRS as an organisation remain compliant to the regulations so far as is reasonably practicable
Date: May 2018