GDPR – General Data Protection Regulation
What is GDPR?
On the 25th May 2018, the data protection system across the EU (including the UK) will change. GDPR will replace the provisions of the Data Protection Act 1998 (DPA). The GDPR preserves the rights provided under the current law and also provides new rights and enhanced protection for individuals, known as Data Subjects.
The following are the new rights for individuals under GDPR:
- Right to be informed
- Right of access
- Right of rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights in relation to automated decision making and profiling
Kensington and Chelsea Mind GDPR Statement
Kensington and Chelsea Mind are committed to achieving compliance with GDPR prior to the implementation of the Regulation in May 2018. We have compiled a strategy and a work-plan to ensure we will be ready for GDPR. We are identifying what personal data we hold; in respect of trustees, members, staff, clients, contractors, service providers and advisors, why we hold it, where it is stored and for how long. We are already compliant with the Data Protection Act and our compliance with GDPR will build on this foundation.
Below is an overview of our GDPR work-plan and progress so far:
The Board of Trustees have approved a revised Data Protection policy, which complies with the new regulations, strategy and work-plan to support the whole business to undertake this important work. This will include:
- Identifyng all systems and locations that hold personal data to ensure we know whether that data is held, why we hold it and for how long. This is in progress.
- Developing a strategy and work-plan to address the areas impacted by GDPR. This is in place.
- Implementing the required changes to our internal processes and procedures to achieve and maintain compliance with GDPR. This is in progress.
- Ensuring that all employees, volunteers and workers are educated and informed about GDPR and the changes that will be required. This is in progress.
- Finalising and communicating our full compliance prior to the deadline of May 25th, 2018.
- We will review our data security, privacy policies and processes to ensure that we are not only compliant but go further to ensure that your data is safe with us.
Based on the research conducted both internally and externally, we are confident that the measures we will be introducing will meet the requirements of GDPR 2018.
For more information about GDPR www.ico.org.uk
Author: Michelle Jackson
Posted on: 1st April 2018