In its everyday business operations the Grounds Management Association makes use of a variety of data about identifiable individuals, including data about:
Current, past and prospective employees
Members, Customers, Clients
Users of its websites
In collecting and using this data, the organisation is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.
The purpose of this policy is to set out the relevant legislation and to describe the steps the Grounds Management Association is taking to ensure that it complies with it.
This control applies to all systems, people and processes that constitute the organisation’s information systems, including board members, directors, employees and other third parties who have access to the Grounds Management Association systems.
The following policies and procedures are relevant to this document:
Data Protection Impact Assessment Process
Personal Data Mapping Procedure
Legitimate Interest Assessment Procedure
Information Security Incident Response Procedure
GDPR Roles and Responsibilities
Records Retention and Protection Policy