GDPR – General Data Protection Regulations
The GDPR legislation comes into effect on 25th May 2018. This new European legislation increases the responsibility and accountability placed on us to manage the data we hold on any individual.
The journey to compliance has begun. This journey does not end on 25th of May it will continue as part of how we do our business forever. For now, our focus is on awareness for all and identification of any gaps we might have. We are asking staff to consider their own role and how the data protection principles (outlined below) could better be addressed within it.
The 7 Principles of Data Protection are :-
1.Our reasons for collecting data must be - LAWFUL, FAIR, & TRANSPARENT
2.We must only use the data collected for the LIMITED PURPOSE, which we stated we would use it for when we collected it.
3.We must MINIMISE OUR DATA held – only collect what is needed
4.The data we hold must be ACCURATE
5.We must only hold data for the RETENTION PERIOD that we have stated we will hold it for and this must be appropriate to the requirements of the data.
6. We must have adequate SECURITY (policies as well as physical safeguards) in place to protect data we hold.
7. We must demonstrate compliance and ACCOUNTABILITY in relation to how we manage the data we hold.
ETBI has devised a suite of Draft Data Protection Policies which are currently being adapted for WWETB’s use
Our existing Data Protection and related policies will remain in place and you should continue to secure data responsibly in line with current policy until such time as new policies are adopted by the WWETB Board.
Whereas the legislation in many cases doesn’t significantly alter our current responsibilities, it has provided for shorter timelines with regards to reporting of Data Breaches and responding to Data Access Requests. In the event of any suspected breaches or upon receipt of a Data Access Request please notify same to: - [email protected] immediately.
We are planning a comprehensive audit of information and procedures across the organisation in the coming months. As part of this process we will liaise with each individual Principal/Centre Manager to assist with this comprehensive audit to help us evaluate our current position and prioritise areas for future development and change.