NATTC UK-GDPR 2020 & DPA 2018 Policy 

  1. Introduction

1.1. Purpose: This policy outlines NATTC’s commitment to complying with the UK-GDPR 2020 and DPA 2018 in the handling and processing of personal data. 

1.2. Scope: This policy applies to all employees, contractors, and third parties who process personal data on behalf of NATTC.

  2. Data Protection Principles

2.1. Lawfulness, Fairness, and Transparency: NATTC will process personal data lawfully, fairly, and transparently. 

2.2. Purpose Limitation: Personal data will be collected for specified, explicit, and legitimate purposes and will not be further processed in a manner that is incompatible with those purposes. 

2.3. Data Minimization: NATTC will only collect and process personal data that is necessary for the purposes for which it was collected. 

2.4. Accuracy: NATTC will take reasonable steps to ensure that personal data is accurate and up to date. 

2.5. Storage Limitation: Personal data will be kept in a form that permits identification of data subjects for no longer than necessary for the purposes for which the personal data is processed. 

2.6. Integrity and Confidentiality: NATTC will process personal data in a manner that ensures its security, including protection against unauthorised or unlawful processing, loss, destruction, or damage. 

  3. Data Subject Rights

3.1. Right to Access: Data subjects have the right to access their personal data held by NATTC. 

3.2. Right to Rectification: Data subjects have the right to request the correction of inaccurate or incomplete personal data. 

3.3. Right to Erasure (Right to be Forgotten): Data subjects have the right to request the deletion of their personal data under certain circumstances. 

3.4. Right to Restriction of Processing: Data subjects have the right to restrict the processing of their personal data under certain circumstances. 

3.5. Right to Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format. 

3.6. Right to Object: Data subjects have the right to object to the processing of their personal data under certain circumstances. 

3.7. Automated Decision-Making and Profiling: Data subjects have the right not to be subject to automated decision-making, including profiling, which produces legal effects concerning them or similarly significantly affects them. 

  4. Data Protection Officer

4.1. NATTC have appointed a Data Protection Officer (DPO) responsible for overseeing data protection efforts and ensuring compliance with the UK-GDPR and DPA 2018. 

  5. Data Breach Notification

5.1. NATTC will promptly report any personal data breach to the Information Commissioner’s Office (ICO) and affected data subjects when required by law. 

  6. International Data Transfers

6.1. When transferring personal data outside the UK or the European Economic Area (EEA), NATTC will ensure that adequate safeguards are in place to protect the data. 

  7. Training and Awareness

7.1. NATTC will provide training and raise awareness among employees and contractors regarding data protection policies and procedures. 

  8. Privacy Impact Assessments (PIAs)

8.1. NATTC will conduct Privacy Impact Assessments for high-risk processing activities involving personal data. 

  9. Policy Review and Updates

9.1. This policy will be reviewed regularly and updated as necessary to ensure compliance with evolving data protection regulations. 

  10. Enforcement

10.1. Failure to comply with this policy may result in disciplinary action, up to and including termination of employment or contractual relationships. 

 
