On 25 May 2018, the GDPR (General Data Protection Regulation) will replace and upgrade the existing Data Protection Act 1998 in the UK.
GDPR aims to give people more control over their personal data and to simplify administration for international businesses with a process which applies across the European Union. The UK Government has already confirmed that Brexit will not affect the adoption of GDPR and that, post-Brexit, the UK’s own law (or a newly-proposed Data Protection Act) will directly mirror the GDPR.
GDPR applies to ‘personal data’, meaning any information relating to a person who can be directly or indirectly named by an ‘identifier’. There is a wide range of ‘identifiers’ including name, address, identification number, location or even an online code, depending on how difficult it is to attribute the code to a particular individual. The GDPR applies to both automated personal data and to manual filing systems where personal data is accessible.
Ronan’s Trust will make every effort possible, in everything we do, to comply with the principles of EU General Data Protection Regulation.
The six principles are:
Lawful, fair and transparent
Data collection must be fair and for a legal purpose. We must be open and transparent as to how the data will be used.
Limited for its purpose
Data can only be collected for a specific purpose.
Any data collected must be necessary and not excessive for its purpose.
The data we hold must be accurate and kept up to date.
We cannot store data longer than necessary.
Integrity and confidentiality
The data we hold must be kept safe and secure.
Ronan’s Trust will meet the GDPR guidelines and follow the best advice from government and legal authorities for the charity sector.
Include checks on the data we obtain, store and use on past and present Trustees, Directors, Volunteers, Supporters and Suppliers.
Understand the types of personal data we hold such as name, address, email, bank details, photos and IP addresses PLUS any sensitive data such as health details or religious views. We will understand where this data has come from and where and how it is used.
Obtain clear, specific consent under GDPR to process personal data for management, marketing and promotional activities i.e. there will be a positive opt-in to consent with no pre-ticked boxes or default options. Consent requests will be separated from other terms and conditions.
Ensure our security measures and policies are GDPR-compliant.
Meet access requests within a one-month timeframe. Under the GDPR, people have the right to a) access all their personal data, b) rectify any inaccuracies, c) object to processing in certain circumstances or d) completely erase all their personal data. Each request carries a timeframe and deadline of one month.
Train our Staff and Volunteers and instruct them to report a serious breach to our Data Protection Officer within 72 hours. We will ensure they understand what constitutes a personal data breach.
Conduct due-diligence on our suppliers to ensure they are GDPR-compliant to avoid being impacted by any breaches and consequent penalties.
When using our Ronan's Trust contact form through the Ronan's Trust website we then will respond to your question and then have your email address on our system - we will then only send you our newsletter and events information is you have requested we do so.
If you have any further questions about GDPR or your personal data, please contact us on 07757710616 or email email@example.com