In its everyday business operations, Fhoke Limited makes use of a variety of data about identifiable individuals, including data about:

• Current, past and prospective employees
• Customers
• Users of its websites
• Subscribers

In collecting and using this data, the organisation is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.

The purpose of this policy is to set out the relevant legislation and to describe the steps Fhoke Limited is taking to ensure that it complies with it.

This control applies to all systems, people and processes that constitute the organisation’s information systems, including board members, directors, employees, suppliers and other third parties who have access to Fhoke Limited systems.

The following policies and procedures are relevant to this document:

• Data Protection Impact Assessment Process
• Information Security Incident Response Procedure
• GDPR Roles, Responsibilities and Authorities
• Records Retention and Protection Policy