GDPR - Add-On Products handling of personal confidential data
Add-On Products STAFF CODE OF CONDUCT
To ensure staff members are effectively informed of what is required of them, Add-On Products has a Staff Code of Conduct (code) that identifies legal requirements and best practice.
The code applies to all staff groups: Management, Marketing, Sales, Support and Professional Services.
The code is set out as follows:
1. Justify the purpose(s)
2. Don’t use personal confidential data unless it is absolutely necessary
3. Use the minimum necessary personal confidential data
4. Access to personal confidential data should be on a strict need-to-know basis
5. Everyone with access to personal confidential data must be aware of their responsibilities
6. Comply with the law and GDPR principles
Add-On Products systems and processes for protecting personal information include all safe haven procedures (e.g. for answering telephone queries or receiving personal confidential information), any information sharing protocols agreed with external organizations, encryption requirements for equipment and secure transfers of personal information.
Add-On Products will ensure that all staff members are aware of the possible disciplinary sanctions for failure to comply with their responsibilities, e.g. deliberately looking at records without authority; discussion of personal details in inappropriate venues; transferring personal information electronically without encrypting it, etc. Sanctions can include disciplinary action, ending a contract, dismissal, or bringing criminal charges.
Add-On Products ensures that staff is effectively informed about the code, and that it is communicated to new clients.
Add-On Products STAFF GROUP SPECIFICS
Support personnel maintain security procedures for handling personal confidential information, including procedures for deleting client databases and other data received during incident management and problem management activities.
Professional Services personnel maintain security procedures for handling personal confidential information, including procedures for deleting information received during Configuration and Training sessions and when assisting incident management and problem management activities.