What Is GDPR?
GDPR regulates the way that Data is collected, handled and used. GDPR states that information must be dealt with Fairly and Lawfully, have limited usage, be maintained accurately, be kept safe and be destroyed in the right way.
Operating Fairly:
To be fair to the data subject we inform them who the Data Controller is and how they can be contacted, what data we hold, what we do with it, why we hold it, how long we’ll hold it for, how they can opt out and how the data is used as part of the service we provide them.
This is provided free of charge, in plain, clear language as soon as possible after the data is collected.
Operating Lawfully:
The GDPR enshrines certain rights of the Data Subject:
- The Right To Be Informed.
- The Right Of Access.
- The Right To Rectification.
- The Right To Erasure.
- The Right To Restrict Processing.
- The Right To Object.
- Rights In Relation To Automated Decision Making & Profiling.
We demonstrate that we are handling the data according to the regulations by forming Data Protection Policies, Training Staff and maintaining relevant documentation on data processing activities.
We will also implement measures that include removing any unnecessary Data, Anonymising data where possible, creating security measures and monitoring data processing activities.
At Staff meetings the Data Controller will explain the importance of safe and responsible data handling to all staff, and inform them how they can play their part. The staff will understand what a data breach is, how serious it can be, and know how and to whom it must be reported.
In the case of a serious Data Breach that is likely to affect the rights or freedoms of data subjects, the Data Controller will notify the ICO within 72 hours. They will provide the ICO with details of the breach, the number of subjects involved, the types of data involved, details of the data controller or organisation, a description of the likely consequences of the breach, and the measures taken or about to be taken to mitigate outcomes.