In its everyday business operations, Aspen Medical makes use of a variety of data about identifiable individuals, including data about:
- Current, past and prospective employees
- Customers
- Users of its websites
- Subscribers
- Other stakeholders.
In collecting and using this data, the organisation is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it. The purpose of this policy is to set out the relevant legislation and to describe the steps Aspen Medical is taking to ensure that it complies with it. This control applies to all systems, people and processes that constitute the organisation’s information systems, including board members, directors, employees, suppliers and other third parties who have access to Aspen Medical systems.
The following policies and procedures are relevant to this document:
- Data Protection Impact Assessment Process
- Personal Data Analysis Procedure
- Legitimate Interest Assessment Procedure
- Information Security Incident Response Procedure
- GDPR Roles and Responsibilities
- Records Retention and Protection Policy.