Wrightbus Publishes Data Protection Policy in Line with UK GDPR
Wrightbus has released a detailed data protection policy covering how the bus manufacturer handles personal data for employees, customers, and suppliers, ensuring compliance with UK GDPR and the Data (Use and Access) Ac…
96 hours
1 month
24 hours
What Happened
The policy applies to all personal data processed by Bamford Bus Company (Wrightbus) across manufacturing, HR, sales, and other operations. It outlines seven core data protection principles, including lawfulness, purpose limitation, and data minimization, and establishes roles for the Board, a Data Protection Officer (DPO), and employees.
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
96 hourshours
Extended from 72 hours under the Data (Use and Access) Act 2024 for high-risk breaches.
Why this matters
Data protection laws require companies to process personal data lawfully and transparently. This policy shows Wrightbus's commitment to safeguarding privacy and complying with updated UK regulations.
Terms in This Story
- UK GDPR
- UK General Data Protection Regulation; the data protection law that governs how personal data is processed in the United Kingdom.
- Data Protection Officer (DPO)
- An individual appointed by an organization to oversee data protection strategy and compliance with GDPR.
- Personal data
- Any information relating to an identified or identifiable living individual.
- Special category data
- Sensitive personal data that requires extra protection, such as health, biometric, or political opinions.
Summarised from the linked release; details can be imperfect — always verify against the original source.