top of page
TCS_TheIdeasCompany.png

TCS (EUROPE) LTD GDPR POLICY

 

1. Purpose

This policy sets out how TCS Europe complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 to protect the rights and privacy of individuals and ensure that personal data is handled legally, ethically, and securely.

 

2. Scope

This policy applies to all employees, contractors, consultants, and third parties who have access to personal data processed by TCS Europe

 

3. Data Protection Principles

In accordance with the UK GDPR, TCS Europe commits to processing personal data in a way that is:

  • Lawful, fair and transparent

  • Collected for specified, explicit, and legitimate purposes

  • Adequate, relevant and limited to what is necessary

  • Accurate and kept up to date

  • Retained only for as long as necessary

  • Processed securely to ensure integrity and confidentiality

 

4. Legal Basis for Processing

We only process personal data where there is a lawful basis, including:

  • Consent of the data subject

  • Performance of a contract

  • Compliance with a legal obligation

  • Protection of vital interests

  • Legitimate interests pursued by the company

 

5. Rights of Data Subjects

We uphold the following rights for individuals:

  • Right to be informed

  • Right of access

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restrict processing

  • Right to data portability

  • Right to object

  • Rights related to automated decision making

 

6. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

Examples include:

  • Encryption and secure storage

  • Access controls and role-based permissions

  • Regular security audits and training

 

7. Data Breach Notification

In the event of a data breach, TCS Europe will:

  • Notify the Information Commissioner’s Office (ICO) within 72 hours if the breach is likely to result in a risk to individuals’ rights and freedoms

  • Inform affected data subjects when required

 

8. Data Retention

Personal data will be retained only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal, regulatory, or reporting requirements.

 

9. Responsibilities

  • Operations Manager and Managing Director oversees compliance and manages subject access requests

  • Employees: Must follow this policy and report any concerns or incidents immediately

 

10. Training and Awareness

All employees will receive data protection training upon induction and periodically thereafter.

 

11. Review

This policy will be reviewed annually or following any significant changes in data protection legislation.

​

Jul 2025

Review Date: Jul 2026

bottom of page