Data Protection Policy – GDPR

The data protection Act 1998 came into force on 1st March 2000.  It regulates the use of personal data and gives effect in UK law to the European Directive on data protection.

The Act covers some manual records such as those recorded on paper or media such as microfiche, as well as computerised records and is concerned with the processing of ‘personal data’, that is relating to identifiable living individual.  It works in two ways:

  • It says anyone who records and uses personal information must be open about how information is used and must follow the eight principles of ‘good information handling’.
  • It also gives you, as individuals certain rights, including the right to see information that is held about you and to have it corrected if it is wrong,

PBC Associates Limited will comply with its obligations under the Data Protection Act 1998.  All data held by PBC will be processed in compliance with the Act and any codes of practice issued by the Information Commissions Office (ICO); most recent updated reviewed in relation to the GDPR consent process.  Data will be processed in a secure, confidential and appropriate manner from its initial collection to its final destruction by following the eight data protection principles which are:

  1. Personal data shall be processed fairly and lawfully.
  2. Processed for limited purposes.
  3. Personal data shall be adequate, relevant and not excessive.
  4. Personal data shall be accurate.
  5. Personal data shall not be kept for longer than is necessary.
  6. Processed in line with the data subjects rights.
  7. Secure
  8. Not transferred to countries outside of the EU.

PBC Associates has a responsibility to all its employees, learners, employers and associates to ensure that they are fully aware of the implications of the Data Protection Act 1998 and to ensure that suitable security measures are applied at all times in the processing of individuals data.

PBC Associates holds data on individuals for the purpose of planning and facilitating the delivery of agreed learning programmes.  This data is only used for government ESFA data collection and for awarding body registration and certification purposes.