This statement outlines how Oil & Gas Systems Limited (OGS) shall meet the requirements of the European Union General Data Protection Regulation 679/2016 (GDPR).
OGS is committed to meeting the legal obligations of the GDPR and ensure that personal information is handled appropriately in line with the applicable requirements of this European Union (EU) Regulation.
OGS will ensure that through proper planning, organising, implementation and review of arrangements that it is meets its legal obligations regarding data privacy and protection.
OGS will ensure that:
- Personal information is only processed where this is strictly necessary for legal and regulatory purposes, or for legitimate organisational purposes.
- Processing only the minimum personal information required for these purposes.
- Providing clear information to natural persons about how their personal information can be used and by whom.
- Ensure special safeguards when collecting information directly from persons under 18 years old.
- Only process relevant and adequate personal information.
- Process personal information fairly and lawfully.
- Maintaining a documented inventory of the categories of personal information processed by the organisation in the form of a Privacy Impact Assessment.
- Keep personal information accurately and, where necessary, up-to-date.
- Retain personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purpose and ensuring timely and appropriate disposal.
- Respecting natural persons’ rights in relation to their personal information.
- All personal information is kept securely.
- If transferring personal information outside the UK, that it will be adequately protected.
- Where appropriate, have a strategy for dealing with regulators across the EU, where goods and/or services are offered to natural persons who are resident in other EU countries.
- Apply as appropriate, the various exemptions allowable by data protection legislation.
- Where appropriate, internal and external interested parties are identified and the degree to which they are involved in the governance of the organisation’s management of personally identifiable information.
- Define persons in the organisation who have a specific responsibility and accountability for the management of personally identifiable information and data privacy.
- Records of processing of personal information are maintained.
This Policy Statement and supporting information shall be available as documented information and communicated within the organisation. It shall be made available to external interested parties upon request, or as deemed appropriate.
24th May 2018