The Lonsdale Vehicle Sales Directs Protection Policy is to comply with the provisions of the 1998 Act and all relevant subordinate legislation, by:
The Data Protection principles state that personal data shall be:
This Policy and supporting material will be subject to internal audit. It will be reviewed annually by the Data Protection Committee. Consideration will be given to: any changes to the UK Data Protection legislation , any changes in current practice within Lonsdale including requirements that may involve processing of personal data on a new basis.
The Data Protection Committee is the data controller and as such, it is responsible for ensuring that Lonsdale complies with all provisions of the Act, in particular the data protection principles.
Managers are responsible for: ensuring that data protection requirements are observed providing clear messages to their staff regarding appropriate processing of the personal data that they handle identifying and addressing training needs within the team and informing the Data Protection Committee if the available training will not address their needs, consulting the Data Protection Committee before processing personal data for a new purpose, informing the Data Protection Committee of any data subject requests or complaints.
All employees are responsible for: complying with the data protection principles, as supported by the Policy, guidance on the application of the Policy and associated policies and guidance, contacting their manager or the Data Protection Committee for guidance if they are in any doubt about how they should deal with certain personal data only processing personal data in the manner that is authorised for the purpose of carrying out their job or with management authorisation.
Lonsdale takes data protection compliance very seriously; any breach of data protection legislation, local data protection procedures and/or the provisions of the Data Protection Policy may render staff liable to internal disciplinary proceedings. Staff should be aware that it is a criminal offence to breach certain provisions of the Act. Knowingly or recklessly obtaining or disclosing personal data without the data controllers authority may leave an individual employee liable to prosecution.