66. GDPR / Data Protection Policy
66.1. The purpose of this policy is to ensure all employees of Architecture North Ltd understand their responsibilities under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act.
66.1.1. We are committed to protecting personal data and ensuring it is collected, processed, stored, and disposed of lawfully, securely, and transparently.
66.2 This policy applies to all employees, contractors, temporary staff, and interns who have access to personal data held by Architecture North Ltd in any form (electronic, paper, verbal).
66.2.1. Personal data means any information relating to an identified or identifiable individual.
66.3. All employees must:
66.3.1. Only access personal data required to perform their duties.
66.3.2. Keep all personal data secure (e.g., password-protect files, lock desks).
66.3.3. Never disclose personal data to unauthorised persons.
66.3.4. Report data breaches immediately to Management.
66.3.5. Avoid storing personal data of Clients on personal devices unless authorised and secure.
66.3.6. Follow company procedures for data retention and disposal.
66.3.6. Be cautious when discussing personal data of Clients in public areas or over unsecured communication channels.
66.4. A personal data breach is any incident leading to accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of personal data.
66.4.1. All breaches must be reported immediately to Management to meet legal reporting timelines.
66.5. Failure to comply with this policy may result in disciplinary action, up to and including dismissal.