General Data Protection Regulations

Data Protection Policy

Link to CAYC Overview and Data Protection Policy

GDPR – 25 May 2018

Link to RYA Guidelines – GDPR

Useful information Principles

The GDPR is organised into six privacy principles:
1. Lawfulness, fairness and transparency
Transparency: Tell the subject (Member, Visitor, Staff) what data processing will be done.
Fair: What is processed must match up with how it has been described.
Lawful: Processing must meet the tests described in GDPR [article 5, clause 1(a)].

2. Purpose limitations
Personal data can only be obtained for “specified, explicit and legitimate purposes” [article 5, clause 1(b)]. Data can only be used for a specific processing purpose that the subject has been made aware of and no other, without further consent.

3. Data minimisation
Data collected on a subject should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”.[article 5, clause 1(c)]
i.e. No more than the minimum amount of data should be kept for specific processing.

4. Accuracy
Data must be “accurate and where necessary kept up to date” [article 5, clause 1(d)]
Baselining ensures good protection and protection against identity theft. Data holders should build rectification processes into data management / archiving activities for subject data.

5. Storage limitations
The regulator expects that personal data is “kept in a form which permits identification of data subjects for no longer than necessary”. [article 5, clause 1(e)]
i.e. Data no longer required should be removed.

6. Integrity and confidentiality
Requires processors to handle data “in a manner [ensuring] appropriate security of the personal data including protection against unlawful processing or accidental loss, destruction or damage”. [article 5, clause 1(f)]