When processing data we undertake the following:
- The processing is lawful, fair and transparent
- Transparent about what the data is being used for
- Data is collected for a specific purpose
- The data is necessary for the purpose
- The data must be accurate and kept up to date
- Data is not kept for longer than necessary
- The data is kept safe and secure
- Individuals can request that we stop processing their data
at any time
- Individuals can request for their data to be erased
We are currently auditing our suppliers and third-party providers and requesting that they pass on their statements around GDPR, and inform us of any anticipated major changes to their working practices. These include organisations such as job boards, LinkedIn, our CRM provider and our payroll provider. We are also following advice from the REC. For further information please email firstname.lastname@example.org or call 01202 680 311.
GENERAL DATA PROTECTION REGULATIONS (GDPR) STATEMENT
The EU General Data Protection Regulations (GDPR) will replace the 1995 EU Data Protection Directive with effect from 25th May 2018. The regulation will strengthen and unify data protection for all individuals within the EU and be enforced by the information commissioner’s Office (ICO).
Whilst we are confident that most of our current processes already fall in line with the GDPR expectations, we are:
Reviewing the purposes of our processing activities, and will select the most appropriate lawful basis for each activity.
We will check that the processing is necessary for the relevant purpose and document this to demonstrate compliance.
We will include information about both the purposes of the processing and the lawful basis for the processing in our privacy notice.
All of our staff are currently being briefed on GDPR and what their personal responsibilities are. Training will be given on any changes to process.
No personal data is transferred outside of the EU.