Document 10713191

advertisement
Data Protection Policy
>
Statement of Policy
In the course of business, GKN deals with personal information about employees,
customers, suppliers and business contacts. GKN is committed to ensuring that such
personal information is treated with due respect for the privacy of the individual and is
kept in secure conditions. Such information will only be retained for as long as is relevant
to business requirements or to the interests of the individual to whom it relates.
>
General Principles
1. Each company must develop systems to manage personal information. The systems,
whether relating to electronic or to manual processing of information, must comply
with the general principles of this Policy and with the detailed requirements of any
relevant local legislation.
2. All employees must deal with personal information which they receive in the course of
their employment in compliance with the company systems and with the general
principles of this Policy.
3. Personal information must only be obtained and/or retained where it is relevant to the
pursuit of legitimate business objectives.
4. The use of such personal information must be in compliance with local legislative
requirements.
5. Personal information must be kept in secure conditions, with due precautions to
preserve confidentiality. These conditions must be maintained throughout the time the
information is held and during its destruction or deletion.
6. Each company must have a nominated Data Controller, to whom queries about the
processing of personal information should be addressed. On request from an
individual to the Data Controller, the reasons for processing personal information and
the type of information processed will be made known to the individual concerned.
7. Disclosure of identifiable personal information to other parties outside the GKN Group
other than to fulfill legal obligations will only occur with the knowledge and consent of
the individual to whom it relates.
8. Regular reviews of personal information held in each company must be carried out to
ensure that such information is relevant, accurate and up to date.
9. All GKN companies and employees must comply with all document retention
requirements under applicable laws and regulations and have in place suitable
document management procedures relating to all forms of document and not confined
to those containing personal information. Guidelines are attached as an Appendix to
this Policy.
This Policy must be read in conjunction with the GKN Code, the other GKN Policies and
the requirements regarding their implementation.
v1 – June 2006
-1-
Appendix to Data Protection Policy
Document Management Guidelines
All Divisional Chief Executives are responsible for ensuring that suitable document
management procedures are developed, either at Divisional or company level, relating to
the retention or destruction of documents, including computer records and e-mail.
>
Guidelines
1. Procedures must be compatible with the legal requirements relating to the Division or
company.
2. Procedures should be in writing and distributed to all employees. Periodic reminders
as to the requirements should also be issued.
3. Procedures should specify that “document” covers all data held on electronic media
as well as in hard copy and includes prior drafts of documents, e-mail messages,
hand written notes and annotations.
4. Guidelines as to which documents should be retained and which should be discarded
should be clear and include:
• a list of documents which must be retained by law (for example, documents of
incorporation, corporate registers, statutory returns and tax invoices) and any
prescribed retention periods
• a description of those documents which a company should keep to show that it is
entitled to conduct its business and has title to its material assets (for example,
shares, land, vehicles, intellectual property, etc.)
• in relation to businesses operating within the Aerospace sector, any special
requirements for documents with national or other security classifications or which
are subject to specific industry requirements.
5. In relation to documents (or categories of documents) which may be discarded,
procedures should state the period of time for which they should be retained prior to
being discarded.
6. Procedures should include treatment of electronic copies of messages and
documents. If paper documents are to be discarded, then copies on disk or back up
tapes should be disposed of as well. The routine clearing of electronic documents
such as e-mail, computer files and tape recordings should be encouraged. However,
where it is necessary to keep paper records to comply with disclosure obligations in
relation to litigation or enquiries of regulatory bodies, computerised versions should
also be retained.
7. Ill considered comments (for example, hand-written notes on documents or by e-mail
responses) should be discouraged as these can be ambiguous and may give rise to
difficulties.
8. Procedures should encourage recipients of duplicated documents to destroy them as
soon as the purpose for which they were distributed is accomplished on the basis that
the author of the document would keep the original until that too may be discarded.
v1 – June 2006
-2-
Appendix to Data Protection Policy
9. Methods of destruction (for example, shredding or secure incineration of confidential
documents) should be specified where appropriate.
10. Compliance with procedures should be monitored by key individuals within the
Division or company as appropriate. At least one of these individuals should be fully
conversant with the use of computerised records by the Division or company.
>
Requirements in the event of Legal Proceedings or Regulatory Investigations
Irrespective of whether or not document management procedures have been
implemented, when legal proceedings are brought by or against a Group company or it is
to be investigated by a regulatory authority, all relevant employees should be informed
immediately that documents (including those on electronic media) relevant to matters in
dispute or under investigation are to be preserved pending further notice.
>
Practice
The GKN Group Legal Department will be available to assist in the development of
document management procedures either directly or by identifying suitable external
advisers within the relevant jurisdiction.
v1 – June 2006
-3-
Download