Neftaly Staff

NeftalyApp COURSES Partner INVEST Corporate CHARITY Divisions

[Contact SayPro] [About SayPro][Services] [Recruit] [Agri] [Apply] [Login] [Courses] [Corporate Training] [Study] [School] [Sell Courses] [Career Guidance] [Training Material[ListBusiness/NPO/Govt] [Shop] [Volunteer] [Internships[Jobs] [Tenders] [Funding] [Learnerships] [Bursary] [Freelancers] [Sell] [Camps] [Events&Catering] [Research] [Laboratory] [Sponsor] [Machines] [Partner] [Advertise]  [Influencers] [Publish] [Write ] [Invest] [Franchise] [Staff] [CharityNPO] [Donate] [Give] [Clinic/Hospital] [Competitions] [Travel] [Idea/Support] [Events] [Classified] [Groups] [Pages]

Email: info@neftaly.net Call/WhatsApp: + 27 84 313 7407

Neftaly Human Capital GDPR Management Policy, Procedures, Processes, Templates, Documents and Forms NeftalyP214

Written by

siphesihletshabalala

in

Neftaly Human Capital GDPR Management Policy, Procedures, Processes, Templates, Documents and Forms


Approved By: Chief Executive Officer(CEO)
Date Approved:30 October 2025
Review Date:26 November 2025

1. Overview

The Neftaly Human Capital GDPR Management Policy (NeftalyP214) establishes Neftaly’s commitment to complying with the General Data Protection Regulation (GDPR) and related data privacy laws.
This policy ensures that all personal data processed by Neftaly Human Capital is collected, stored, managed, and disposed of securely and lawfully, protecting the rights of all data subjects—employees, students, clients, and partners.

2. Purpose

The purpose of this policy is to:

  • Ensure compliance with GDPR and other applicable data protection legislation.
  • Protect the privacy and confidentiality of personal data held by Neftaly.
  • Define clear roles, responsibilities, and processes for managing personal data.
  • Establish consistent standards for collecting, processing, sharing, and retaining information.
  • Reduce risks associated with data breaches and misuse of personal information.

3. Scope

This policy applies to:

  • All Neftaly Human Capital, including Officers, Deputy Chiefs, Royal Directors, and Non-Executive Members.
  • All personal data processed by Neftaly, whether in digital, paper, or other formats.
  • All operations, systems, websites, apps, and third-party partnerships that involve personal data.

4. Policy Statement

Neftaly is committed to ensuring that personal data is processed lawfully, fairly, and transparently in compliance with GDPR principles.
All Human Capital must follow this policy when handling personal data to ensure security, accountability, and respect for individuals’ rights.

5. Core GDPR Principles

  1. Lawfulness, Fairness, and Transparency: Data must be processed lawfully and clearly communicated to data subjects.
  2. Purpose Limitation: Data must only be used for specific, legitimate purposes.
  3. Data Minimization: Only data necessary for the intended purpose should be collected.
  4. Accuracy: Data must be accurate and kept up to date.
  5. Storage Limitation: Data must not be retained longer than necessary.
  6. Integrity and Confidentiality: Data must be securely stored and protected from unauthorized access.
  7. Accountability: Neftaly must demonstrate compliance with all GDPR obligations.

6. Procedures and Processes

6.1 Data Collection and Consent

  • Personal data must only be collected for legitimate business or regulatory purposes.
  • Consent must be freely given, informed, and recorded using NeftalyF214-01 Data Consent Form.
  • Where consent is withdrawn, data must be deleted unless retention is legally required.

6.2 Data Processing and Access Control

  • Data must be processed according to approved business functions and recorded in NeftalyD214-01 Data Processing Register.
  • Access to personal data is restricted based on role and necessity (principle of least privilege).
  • All systems containing personal data must use strong password protection and encryption standards.

6.3 Data Sharing and Transfers

  • Personal data must not be shared externally without proper authorization.
  • Data sharing agreements must be established using NeftalyT214-01 Data Sharing Agreement Template.
  • Transfers of data outside the EU or UK must comply with GDPR international transfer requirements.

6.4 Data Retention and Disposal

  • Retention periods for data must be defined in the NeftalyR214-01 Data Retention Schedule.
  • Data no longer required must be securely deleted or shredded, with disposal logged in NeftalyR214-02 Data Disposal Record.

6.5 Data Breach Management

  • Any suspected data breach must be reported immediately using NeftalyF214-02 Data Breach Report Form.
  • The Chief Human Capital Officer (CHCO) and Data Protection Officer (DPO) must investigate within 24 hours.
  • If necessary, the Information Regulator or supervisory authority must be notified within 72 hours.

6.6 Data Subject Rights

  • Data subjects have the right to access, rectify, erase, restrict, or object to processing.
  • Requests must be processed within 30 days and recorded using NeftalyF214-03 Data Subject Request Form.
  • CHCO and DPO oversee all subject request compliance.

6.7 Training and Awareness

  • All Human Capital must complete GDPR awareness training annually.
  • Training attendance is tracked using NeftalyR214-03 GDPR Training Register.

7. Roles and Responsibilities

RoleResponsibilities
Chief Executive Officer (CEO)Ensures organizational compliance and approves data protection strategies.
Chief Human Capital Officer (CHCO)Oversees GDPR implementation, training, and compliance monitoring.
Data Protection Officer (DPO)Provides expert guidance, manages breaches, and liaises with regulatory authorities.
Royal DirectorsEnsure divisional compliance and report breaches to CHCO and DPO.
Deputy ChiefsSupport data handling compliance and maintain records of processing activities.
Officers and Human CapitalHandle personal data responsibly, following all procedures and confidentiality standards.

8. Documentation and Templates

  • NeftalyF214-01: Data Consent Form
  • NeftalyD214-01: Data Processing Register
  • NeftalyT214-01: Data Sharing Agreement Template
  • NeftalyR214-01: Data Retention Schedule
  • NeftalyR214-02: Data Disposal Record
  • NeftalyF214-02: Data Breach Report Form
  • NeftalyF214-03: Data Subject Request Form
  • NeftalyR214-03: GDPR Training Register

9. Compliance and Monitoring

  • The DPO and CHCO conduct quarterly GDPR compliance audits.
  • Non-compliance may result in disciplinary action, retraining, or legal reporting.
  • External audits may be commissioned for independent verification of GDPR standards.

10. Review and Evaluation

This policy will be reviewed annually by the CHCO, DPO, and CEO to ensure compliance with evolving data protection laws, technological advancements, and Neftaly operational changes.

11. Frequently Asked Questions (FAQs)

Q1: What is personal data under GDPR?
A: Any information relating to an identifiable individual, such as names, contact details, IDs, or online identifiers.

Q2: What should I do if I suspect a data breach?
A: Immediately complete the Data Breach Report Form (NeftalyF214-02) and inform your Officer or the DPO.

Q3: Who can access personal data?
A: Only authorized personnel with valid business or operational need.

Q4: How long can Neftaly retain data?
A: Only as long as necessary for legal, regulatory, or operational reasons outlined in the retention schedule.

Q5: What happens if GDPR rules are violated?
A: Violations can lead to internal disciplinary actions and potential external legal penalties.

Approved By:
Neftaly Malatjie
Chief Executive Officer

Post Date

Modified Date

Comments

Leave a Reply

More posts