
Data Protection
STAFF AND PROCEDURES
Q AND A
How do you make all staff aware of their responsibilities under the Data Protection
Law?
Although most data protection is common sense, we make it common practice. When we
welcome new people into the Bonacia Family, Data Protection is part of the induction. They
get taken through the dos and don’ts of data protection and once they’re happy they know
what they are doing, they sign to this effect.
With the introduction of GDPR we have overhauled our training on this and have added it as
a programme to our in-house training academy for further training.
How do you make sure your staff are responsible and reliable?
We ask for full references and check these before we employ anyone.
Also every member of the Bonacia Family has been DBS checked… from the directors
and senior managers to the lads and ladies in the print shop – so you really know your data
is in safe hands.
Do you have a Data Protection or Information Security Policy in place?
Do we ever, we have lots! We look after a lot of data for various different brands so each
team have their own policy which is super relevant to how they work. And as a business we
have policies that apply to all departments, mainly IT and email related.
What would happen to a member of staff if they breached Data Protection?
We take Data Protection very seriously, we focus on training and procedures to ensure
this doesn’t happen. Just in case, we do have an internal procedure for Data Protection
breaches and everyone in the building knows that breaching Data Protection could result in
disciplinary action.
Do you use any subcontractors to process data? If so, do you have any safeguards?
We don’t… we like to do things ourselves! Like the saying goes, if you want something doing
properly, do it yourself!
Do you collect data from individuals on our behalf? If so, how do you use it and will it
be shared?
The only brand that processes data on your behalf is Book Printing UK when they are
offering their fulfilment service; but you can rest assured we don’t share this and look after
the data as if it were our own.
All other brands do not.
If individual parents place orders with us (either through Young Writers or the Leavers’ Books
Parent Payment Portal) this opens a relationship with us. We have privacy policies for this and the
only time we will use their data is relating to their order – and of course we’d never share this.
Do you restrict staff in what information they can access?
Certainly, although we trust our staff implicitly we think it makes things a little neater –
employees only have access to the information on the database they need to do their job to
the best of their ability.