General Data Protection Regulation Policy Statement

On 25th May 2018 the EU General Data Protection Regulation (GDPR) will replace the current Data Protection Act 1998, which is considered to be weak and out of date.

The aim of the GDPR is to harmonise data privacy laws across Europe and to protect all EU citizens from privacy and data breaches in an increasingly data-driven world. It is not difficult to see why there is a need for an update in the law given the changes in the way personal data is used and handled with technological advances, i.e. use of the internet, emails and social media.

Ross Metals Limited is committed to ensuring the security of the personal information that we process and to providing a compliant and consistent approach to data protection. However, we recognise the requirement and importance of updating our systems to meet the demands of the GDPR and the Data Protection Act.

Our preparation includes:

Policies & Procedures – Revising existing policies (and implementing new procedures where necessary) to meet the requirements and standards of the GDPR and any relevant data protection laws.

Data Protection – Our policy and procedure document for data protection has been overhauled to meet the standards and requirements of GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities, with a dedicated focus on privacy by design and the rights of individuals.

Data Retention & Deletion – We have updated our policy to ensure that we meet the policy for retention of records and that personal information is stored, archived and destroyed both compliantly and ethically.

We have deletion and erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subjects' rights apply, along with any exemptions, response time frames and notification responsibilities.

Data Breaches – Our breach procedure ensures that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach to the Information Commissioner within 72 hours of discovery.

All data breaches are recorded regardless of their effect.

Privacy Notice – Our Privacy Policy has been overhauled to comply with GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.

Obtaining Consent – We are revising our consent mechanism for obtaining personal data, ensuring that individuals understand what data they are providing, why and how we use it, and giving clear and defined ways to consent to us processing their information. We have developed a consent form with an affirmative opt-in, and an easy to see and access way to opt out and withdraw consent at any time.

This Policy will be regularly monitored to ensure that the objectives are achieved.

It will be reviewed and, when necessary, revised, in light of legislative or organisational changes.

Overall responsibility for this policy and its implementation lies with Mr Christopher Ross – Director.

  Print Name: Christopher Ross  Position: Director
  Signature: C Ross  Date: 15/09/2022