Data Protection Policy Statement
The Institute of Professional Will writers recognises the significance of data protection. The purpose of this policy is to protect all personal information controlled or processed by the organisation, and ensure an adequate level of awareness to ensure data protection principles are applied across all areas of operation within Institute of Professional Will writers.
Personal data is identified and managed in accordance with the data protection risk assessment methodology that endorses the acceptable risk levels.
Our Data Protection Policy is achieved by a stringent set of controls, including policies, processes, procedures and software and hardware functions. These controls are monitored, reviewed and improved by the Board to ensure that specific data protection, security and business objectives are met. This is operated in conjunction with other business management processes, and incorporates the applicable statutory, regulatory and contractual requirements.
In particular, Institute of Professional Will writers are committed to compliance with data protection requirements and good practice to include:
- Processing personal information only where this is strictly necessary for legal and regulatory purposes, or for legitimate organisational purposes;
- Processing only the minimum personal information required for these purposes;
- Providing clear information to natural persons (including children) about how their personal information can be used and by whom;
- Only processing relevant and adequate personal information;
- Processing personal information fairly and lawfully;
- Maintaining a documented inventory of the categories of personal information processed by the organisation;
- Keeping personal information accurate and, where necessary, up-to-date;
- Retaining personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purposes and ensuring timely and appropriate disposal;
- Respecting natural persons’ rights in relation to their personal information;
- Keeping all personal information secure;
- Only transferring personal information outside the UK in circumstances where it can be adequately protected;
- Developing and implementing GDPR to enable the data protection policy to be implemented;
- Where appropriate, identifying internal and external interested parties and the degree to which they are involved in the governance of the organisation’s;
- Identify workers with specific responsibility and accountability for GDPR;
- Maintain records of processing of personal information.
Our Data Protection Policy Awareness Program is incorporated in our staff induction and training program. The Data Protection policy is readily accessible internally and presented to existing and prospective clients. In addition to employees; suppliers, contractors and sub-contractors of IPW are expected to adhere to our Data Protection Policy.
Institute of Professional Will writers are committed to continual improvement and all employees are empowered to take responsibility for data protection, with a robust process for identifying and reporting data breaches in place and subject to regular review.
Through compliance to applicable statutory, regulatory and contractual requirements, and the requirements of the General Data Protection Regulations (GDPR) for the Protection of Personal Information, Institute of Professional Will writers will demonstrate confidence, integrity and credibility both internally and externally.
Rob Adams
Managing Director
23/05/18
Version 1.0