Quality Assurance Manual - Flipbook - Page 32
Quality Assurance Manual
All contractors, suppliers and other people working on behalf of iPowerboat Ltd.
It applies to all data that the company holds relating to identifiable individuals, even if that
information technically falls outside of the Data Protection Act 2018. This can include:
Names of individuals;
Postal addresses;
Email addresses;
Telephone numbers;
Any other information relating to individuals.
This policy helps to protect iPowerboat Ltd from some very real data security risks, including:
Breaches of confidentiality. For instance, information being given out inappropriately;
Failing to offer choice. For instance, all individuals should be free to choose how the
company uses data relating to them;
Reputational damage. For instance, the company could suffer if hackers successfully
gained access to sensitive data.
Responsibilities
Everyone who works for or with iPowerboat Ltd has some responsibility for ensuring data is
collected, stored and handled appropriately. Each team that handles personal data must ensure that
it is handled and processed in line with this policy and data protection principles. However, these
people have key areas of responsibility.
The owners are ultimately responsible for ensuring that iPowerboat Ltd meets its legal obligations.
Ryan Tozer, is responsible for data protection, in particular:
Reviewing all data protection procedures and related policies, in line with an agreed
schedule.
Arranging data protection training and advice for the people covered by this policy.
Handling data protection questions from staff and anyone else covered by this policy.
Dealing with requests from individuals to see the data iPowerboat Ltd holds about them
(also called ‘subject access requests’).
Checking and approving any contracts or agreements with third parties that may handle the
company’s sensitive data.
Ensuring all systems, services and equipment used for storing data meet acceptable security
standards.
Performing regular checks and scans to ensure security hardware and software is
functioning properly.
Evaluating any third-party services, the company is considering using to store or process
data. For instance, cloud computing services.
Approving any data protection statements attached to communications such as emails and
letters.
Addressing any data protection queries from journalists or media outlets like newspapers.
Where necessary, working with other staff to ensure marketing initiatives abide by data
protection principles.
22/05/2021
Page 32 of 34
Quality Assurance Manual
© Copyright iPowerboat Ltd 2021
Version_Final_Draft_0.2