It is our policy to comply with the requirements of the General Data Protection Regulation regarding how our organisation obtains, stores, processes and disposes of personal data. Our policy covers all aspects of how we handle personal data including, where relevant to our activities, the use of personnel data, PC/laptop and ‘Cloud’ storage, mobile phones, and any activity involving a third party acting in partnership with us or on our behalf.
It is our policy to:
1. ensure personal data security in our organisation;
2. have a GDPR-compliant contractual relationship with any third party that processes personal data with/for us, notably in relation to ensuring personal data security;
3. respect all individuals’ personal data rights, as described in GDPR and ICO guidance;
4. identify, and have a lawful basis for using, any personal data. This will include seeking/confirming ‘explicit consent’ from individuals, if there is no other lawful basis.
5. have a clear, concise privacy notice, which is made readily available.
6. ensure all our staff are aware of the above, and if necessary trained, in relation to their own responsibilities.
7. ensure we keep up to date with GDPR guidance available from the ICO at: https://ico.org.uk/for-organisations/business/
In line with the above, the person responsible for ensuring that we manage GDPR compliance is David Mullis.
We will review this policy and our personal data needs at least annually, and seek to minimise the personal data we hold, in line with GDPR and the needs of the organisation.