GENERAL DATA PROTECTION REGULATION POLICY

DATA PROTECTION STATEMENT

Nursing Solutions Limited is fully committed to protecting and respecting your privacy and takes its responsibilities in this regard very seriously. The company wishes to assure you that it is committed to comply fully with requirements of the General Data Protection Regulation (GDPR) that will be effective from the 25th May 2018.
The General Data Protection Regulation 2016 replaces the EU Data Protection Directive of 1995 and its purpose is to protect the “rights and freedoms” of living individuals, and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent
The Company is registered with the Data Protection Agency. In order to function safely Nursing Solutions Limited has to collect and use information not only from people who work for the company, but also from service users and professional bodies that it works with. Nursing Solutions Limited reserves the right to change this policy from time to time in line with regulatory changes and will inform you fully when it is required to do this.

PURPOSE AND SCOPE OF THE POLICY

This policy covers all of the company’s activities in which personal date is used, whether in hard copy or electronically. It applies also to all members of staff, service users and professional partners. The Company holds both “sensitive” and “personal” data concerning its staff and service users. This policy is in compliance with the GDPR and is this policy over-rides any other data protection policy previously used by the company.

DATA MINIMISATION

What personal data do we collect?

In an effort to comply with Data Minimisation, Nursing Solutions Limited will only collect the personal data (any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address) that we need.

Definitions:

Personal Data – this is any information white relates to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier (e.g. name, address, phone number, email address).

Special Category Personal Data – this includes particularly sensitive and private information which is likely to cause distress and damage if compromised:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Health related conditions (physical or mental health)
  • Sexuality and sexual orientation
  • Commission or alleged commission of any criminal offence

Data subject – the individual to whom the personal data relates

Data controller – determines the purposes and means pf processing personal data

Data Processor – responsible for processing personal data on behalf of a controller

Data Breach – a security incident that affects the confidentiality, integrity or availability of personal data. A data breach occurs whenever personal data is:

  • Lost
  • Corrupted
  • Unintentionally destroyed or disclosed
  • Accessed or assed on without proper authorisation; or
  • Made unavailable and this unavailability has a significant negative effect on the data subjects.

The following are terms which are defined within data protection legislation:

Processing personal information fairly and lawfully and in particular, shall not be processed unless specific conditions are met;

  • Observe the rights of the individual under data protection legislation
  • Personal Information shall be obtained only for one or more specifies and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes
  • Personal data shall be adequate, relevant and not excessive in relation to the purpose or those purposes for which it is processed
  • Shall be accurate and where necessary kept up to date
  • Shall not be kept for longer than is necessary for that purpose or those purposes
  • Shall be processed in accordance with the rights of data subjects under the Act
  • Shall be kept secure i.e. protected by an appropriate degree of security

Nursing Solutions Limited will ensure that the rights of people about whom the information is being held can be fully exercised under the Act. These rights include:

  • Being informed that processing is taking place
  • Having the right to access their personal information free of charge
  • The right to prevent processing in certain circumstances
  • The right to correct, rectify block or erase information

Nursing Solutions Limited will also ensure that all persons handling personal information understand the need to follow good practice principles. It will ensure that appropriate training and information is given to staff who will be involved in the processing and storage of data.

Nursing Solutions Limited care staff have responsibility for maintaining records as part of their work and are required to follow company guidelines on securely maintaining these records.

The company secures all information appropriately and has a robust policy for the Management, Retention and Safekeeping of Confidential and Sensitive Information. The purpose of this policy is to give confidence to both employees and purchasers of its services that all information the company is required to retain for the purposes of carrying out its normal business and duties is secured according to The Data Protection Act and appropriate consent has been obtained in relation to this.

RETAINING AND SECURING CONFIDENTIAL INFORMATION.

Nursing Solutions Limited retains and stores all confidential information in accordance with the GPDR.

All personal information which includes individual details such as application forms, references and disclosure information, and all confidential information is stored in a lockable cabinet in a locked room. Access to this information is strictly controlled to persons who require this information as part of their everyday duties.
All documentation is kept in compliance with specific times limits for different types of data.
Information kept electronically is controlled and is password protected, therefore only designated individuals have access to it.

DISPOSAL

Nursing Solutions Limited will only keep this information until such time as the specific retention period has elapsed. When this time, has passed all relevant documentation will be disposed of in an appropriate way. All documentation awaiting disposal will be secured properly according to the Data Protection Act.

In respect of Disclosure and Barring checks, the original will be destroyed when the information has been confirmed, but the following information will be transferred to another document to

be retained as a record. Date of Issue of Disclosure, unique reference number, applicant’s name, issue date and the position that warranted the Disclosure.

As a small business with less than 250 employees Nursing Solutions Limited is not required to register with the Information Commissioners Office, but, maintains all its records in compliance with the GDPR.

All employees have a responsibility for maintaining this policy.

PROCEDURE

The purpose of this Procedure is to identify the company’s response to any reported personal data breach incident, and ensure all incidents are managed in accordance with legal and regulatory requirements and best practice guidelines.
This procedure will ensure that any incidents are reported properly and are managed within a 72-hour time-frame in accordance with ICO requirements.
Appropriate staff will ensure that any data breached will be dealt with in such a manner that complies with GPDR. Staff dealing with breaches will receive training to ensure they are equipped to deal with any breach. They will understand the data breach which has occurred and will act accordingly. All incidents will be appropriately recorded and documented and will be reported to external bodies as required.
Nursing Solutions Limited reviews its policies and procedures with the view of identifying any areas for improvement and reduce the risk of any further occurrence.

0
YOUR CART
  • No products in the cart.