Policies

Data Protection and Subject Access Policy

Down Syndrome Group Northampton (DSGN)

DSGN will endeavour to comply with the General Data Protection Regulation (GDPR).

DSGN see data protection compliance as an integral part of our business practices and we will take steps to develop a culture in which respect for private life, data protection, security and confidentiality of personal data is seen as normal practice.

The Regulation covers manual records as well as computerised records and is concerned with the processing of personal data relating to identifiable living individuals.

It works in the following ways:

  1. giving individuals (data subjects) certain rights
  2. requiring those who decide how and why personal data is processed to be open about their use of that data and to comply with the data protection principles in their information handling practices

The eight principles of the regulations make sure that data is handled properly. They say that data must be:

  1. fairly and lawfully processed
  2. processed for limited purposes
  3. adequate, relevant and not excessive
  4. accurate
  5. not kept longer than is necessary
  6. processed in line with individuals' rights
  7. secure
  8. not transferred to countries without adequate protection

The data protection officer is David Johnson who ensures that DSGN maintains day-to-day compliance with the Act.

DSGN holds personal and sensitive data to enable it to fulfil its duties in relation to members.

Down Syndrome Group Trustees who process or use personal data must ensure that they always abide by the following principle:

1. The DSGN policy on retention and disposal of personal data records, which is:

Manual Records

  • Members' records can only be stored for up to 3 years
  • All personal data, when it is disposed of, must be shredded and disposed of properly to ensure that it is not legible, and the date and time of disposal recorded
  • All records that are not due for disposal must be locked away securely, with only certain designated officers having access

Computer Records

  • Members' records can only be stored for up to 3 years
  • All personal data to be disposed of must be disposed of securely by deleting it from the system, if necessary uninstalling the programme, and the date and time of disposal recorded
  • All records that are not due for disposal must be kept in a secure manner by designated officers on password-protected systems

Responsibilities of the Trustees Group

It is the responsibility of each individual collector of data to be aware of the provisions of the General Data Protection Regulation, such as keeping records up to date and accurate, and of its impact on the work they undertake on behalf of DSGN.

Any breach of the Data Protection Policy, whether deliberate or through negligence, may lead to disciplinary and legal action being taken, even leading to a possible criminal prosecution.

Data security

All Trustees are responsible for ensuring that:

  • Any personal data they hold, whether in electronic or paper format, is kept securely.
  • Personal information is not disclosed, deliberately or accidentally, either orally or in writing, to any unauthorised third party.

Subject Access Requests

Members have the right to access personal data that is being kept about them if it falls within the scope of the GDPR.

If any person wishes to exercise this right, they should make their request in writing and forward this request to the Chair. All requests will be responded to within 40 days.

Darren Jones
Chairman, Down Syndrome Group Northamptonshire

23rd May 2018