Worksheets & Whiteboard Resources for Primary Maths, SPaG & Science
Not logged in
Back to Privacy & Data Protection

Learning Clip Ltd Data Protection – Data Security Policy

General

Learning Clip Ltd (hereafter also referred to as 'The Company' ) takes practical, technical and organisational security measures to protect the personal data we control and process as required under the Privacy and Data Protection Legislation. This is an on-going obligation to ensure that security arrangements remain in compliance with Privacy and Data Protection Legislation as it may be amended or supplemented from time to time.

This policy forms part of the Company’s suite of data protection policies. It is drafted so as to comply with the GDPR (General Data Protection Regulation) which comes into force in England on the 25th of May 2018 and which replaces the Data Protection Act 1998.

This policy sets out the Company’s position on data security including (but not limited to) security of personal data as defined by Data Protection legislation. For the purposes of this policy, “data” includes “personal data” but also all information belonging to the Company or in the possession of the Company which is of a sensitive or confidential nature.

This policy may be made public to data subjects, including employees and others engaged in providing services to the Company.

This policy has contractual effect within the organisation and all employees and others engaged in providing services to the Company are expected to abide by it.

Legal Framework

Data protection legislation requires that organisations process personal data in a manner that ensures its security. This includes ensuring protection against unauthorised or unlawful processing and against loss, destruction or damage.

Organisations must put in place policies to ensure that only authorised people can access, alter, disclose or destroy personal data, that everyone acts within the scope of their authority and that so far as possible, breaches are drawn to the attention of the organisation and steps are taken to minimise the effect of any breaches and to recover any lost data so as to prevent damage or distress to affected data subjects.

The more sensitive the data an organisation holds, the greater the measures that the organisation should take to protect it.

Outside the sphere of data protection, organisations are entitled to protect confidential information and trade secrets and may also be bound to protect information provided by third parties which is of a sensitive or personal nature.

1. Physical Security

2. Technological Measures

3. Access Controls

4. Culture and Practices

5. Personnel and Training

6. Agents and Sub-contractors

6. Incident/Response Management & Business Continuity

7. Information Security Audit, Testing and Improvement